<!DOCTYPE html><html lang="cn" data-theme="light"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0"><title>Linux中级命令 | 碧蓝幻想</title><meta name="author" content="阿尔托莉雅"><meta name="copyright" content="阿尔托莉雅"><meta name="format-detection" content="telephone=no"><meta name="theme-color" content="#ffffff"><meta name="description" content="70.Linux搭建准备工作：1.Linx上网问题： 图示：   结论：  Linux通过windows的物理网卡进行上网 如果VM8虚拟网卡禁用，即Linux与windows主机无法ping通； Linux是可以进行上网的    2.配置白名单和安全组: 直接修改文件内容，重启系统生效： 1vim &#x2F;etc&#x2F;selinux&#x2F;config  selinux的取值：    值 说明    enfor">
<meta property="og:type" content="article">
<meta property="og:title" content="Linux中级命令">
<meta property="og:url" content="http://example.com/2023/03/13/3.linux/A3.Linux%E4%B8%AD%E7%BA%A7%E5%91%BD%E4%BB%A4/index.html">
<meta property="og:site_name" content="碧蓝幻想">
<meta property="og:description" content="70.Linux搭建准备工作：1.Linx上网问题： 图示：   结论：  Linux通过windows的物理网卡进行上网 如果VM8虚拟网卡禁用，即Linux与windows主机无法ping通； Linux是可以进行上网的    2.配置白名单和安全组: 直接修改文件内容，重启系统生效： 1vim &#x2F;etc&#x2F;selinux&#x2F;config  selinux的取值：    值 说明    enfor">
<meta property="og:locale">
<meta property="og:image" content="http://example.com/images/Otherwallpaper/avatar.png">
<meta property="article:published_time" content="2023-03-13T12:32:23.805Z">
<meta property="article:modified_time" content="2023-03-13T12:47:02.395Z">
<meta property="article:author" content="阿尔托莉雅">
<meta property="article:tag" content="Linux">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="http://example.com/images/Otherwallpaper/avatar.png"><link rel="shortcut icon" href="/img/favicon.png"><link rel="canonical" href="http://example.com/2023/03/13/3.linux/A3.Linux%E4%B8%AD%E7%BA%A7%E5%91%BD%E4%BB%A4/index.html"><link rel="preconnect" href="//cdn.jsdelivr.net"/><link rel="preconnect" href="//busuanzi.ibruce.info"/><link rel="stylesheet" href="/css/index.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/css/all.min.css" media="print" onload="this.media='all'"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.min.css" media="print" onload="this.media='all'"><script>const GLOBAL_CONFIG = { 
  root: '/',
  algolia: undefined,
  localSearch: undefined,
  translate: undefined,
  noticeOutdate: undefined,
  highlight: {"plugin":"highlighjs","highlightCopy":true,"highlightLang":true,"highlightHeightLimit":false},
  copy: {
    success: 'Copy successfully',
    error: 'Copy error',
    noSupport: 'The browser does not support'
  },
  relativeDate: {
    homepage: false,
    post: false
  },
  runtime: '',
  date_suffix: {
    just: 'Just',
    min: 'minutes ago',
    hour: 'hours ago',
    day: 'days ago',
    month: 'months ago'
  },
  copyright: undefined,
  lightbox: 'fancybox',
  Snackbar: undefined,
  source: {
    justifiedGallery: {
      js: 'https://cdn.jsdelivr.net/npm/flickr-justified-gallery/dist/fjGallery.min.js',
      css: 'https://cdn.jsdelivr.net/npm/flickr-justified-gallery/dist/fjGallery.min.css'
    }
  },
  isPhotoFigcaption: false,
  islazyload: false,
  isAnchor: false,
  percent: {
    toc: true,
    rightside: false,
  }
}</script><script id="config-diff">var GLOBAL_CONFIG_SITE = {
  title: 'Linux中级命令',
  isPost: true,
  isHome: false,
  isHighlightShrink: false,
  isToc: true,
  postUpdate: '2023-03-13 20:47:02'
}</script><noscript><style type="text/css">
  #nav {
    opacity: 1
  }
  .justified-gallery img {
    opacity: 1
  }

  #recent-posts time,
  #post-meta time {
    display: inline !important
  }
</style></noscript><script>(win=>{
    win.saveToLocal = {
      set: function setWithExpiry(key, value, ttl) {
        if (ttl === 0) return
        const now = new Date()
        const expiryDay = ttl * 86400000
        const item = {
          value: value,
          expiry: now.getTime() + expiryDay,
        }
        localStorage.setItem(key, JSON.stringify(item))
      },

      get: function getWithExpiry(key) {
        const itemStr = localStorage.getItem(key)

        if (!itemStr) {
          return undefined
        }
        const item = JSON.parse(itemStr)
        const now = new Date()

        if (now.getTime() > item.expiry) {
          localStorage.removeItem(key)
          return undefined
        }
        return item.value
      }
    }
  
    win.getScript = url => new Promise((resolve, reject) => {
      const script = document.createElement('script')
      script.src = url
      script.async = true
      script.onerror = reject
      script.onload = script.onreadystatechange = function() {
        const loadState = this.readyState
        if (loadState && loadState !== 'loaded' && loadState !== 'complete') return
        script.onload = script.onreadystatechange = null
        resolve()
      }
      document.head.appendChild(script)
    })
  
    win.getCSS = (url,id = false) => new Promise((resolve, reject) => {
      const link = document.createElement('link')
      link.rel = 'stylesheet'
      link.href = url
      if (id) link.id = id
      link.onerror = reject
      link.onload = link.onreadystatechange = function() {
        const loadState = this.readyState
        if (loadState && loadState !== 'loaded' && loadState !== 'complete') return
        link.onload = link.onreadystatechange = null
        resolve()
      }
      document.head.appendChild(link)
    })
  
      win.activateDarkMode = function () {
        document.documentElement.setAttribute('data-theme', 'dark')
        if (document.querySelector('meta[name="theme-color"]') !== null) {
          document.querySelector('meta[name="theme-color"]').setAttribute('content', '#0d0d0d')
        }
      }
      win.activateLightMode = function () {
        document.documentElement.setAttribute('data-theme', 'light')
        if (document.querySelector('meta[name="theme-color"]') !== null) {
          document.querySelector('meta[name="theme-color"]').setAttribute('content', '#ffffff')
        }
      }
      const t = saveToLocal.get('theme')
    
          if (t === 'dark') activateDarkMode()
          else if (t === 'light') activateLightMode()
        
      const asideStatus = saveToLocal.get('aside-status')
      if (asideStatus !== undefined) {
        if (asideStatus === 'hide') {
          document.documentElement.classList.add('hide-aside')
        } else {
          document.documentElement.classList.remove('hide-aside')
        }
      }
    
    const detectApple = () => {
      if(/iPad|iPhone|iPod|Macintosh/.test(navigator.userAgent)){
        document.documentElement.classList.add('apple')
      }
    }
    detectApple()
    })(window)</script><meta name="generator" content="Hexo 6.3.0"></head><body><div id="sidebar"><div id="menu-mask"></div><div id="sidebar-menus"><div class="avatar-img is-center"><img src="/images/Otherwallpaper/avatar.png" onerror="onerror=null;src='/img/friend_404.gif'" alt="avatar"/></div><div class="sidebar-site-data site-data is-center"><a href="/archives/"><div class="headline">Articles</div><div class="length-num">11</div></a><a href="/tags/"><div class="headline">Tags</div><div class="length-num">4</div></a><a href="/categories/"><div class="headline">Categories</div><div class="length-num">2</div></a></div><hr/><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 首页</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fas fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fas fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/archive/"><i class="fa-fw fas fa-archive"></i><span> 归档</span></a></div><div class="menus_item"><a class="site-page group" href="javascript:void(0);"><i class="fa-fw fas fa-list"></i><span> 工具</span><i class="fas fa-chevron-down"></i></a><ul class="menus_item_child"><li><a class="site-page child" href="/images/"><i class="fa-fw fas fa-image"></i><span> 图库</span></a></li><li><a class="site-page child" href="/music/"><i class="fa-fw fas fa-music"></i><span> 音乐</span></a></li><li><a class="site-page child" href="/video/"><i class="fa-fw fas fa-video"></i><span> 视频</span></a></li></ul></div><div class="menus_item"><a class="site-page" href="/link/"><i class="fa-fw fas fa-link"></i><span> 链接</span></a></div><div class="menus_item"><a class="site-page" href="/about/"><i class="fa-fw fas fa-heart"></i><span> 关于</span></a></div></div></div></div><div class="post" id="body-wrap"><header class="post-bg" id="page-header" 
style="background-image: url('/images/PCwallpaper/backgroud2.jpg')"><nav id="nav"><span id="blog-info"><a href="/" title="碧蓝幻想"><span class="site-name">碧蓝幻想</span></a></span><div id="menus"><div class="menus_items"><div class="menus_item"><a class="site-page" href="/"><i class="fa-fw fas fa-home"></i><span> 首页</span></a></div><div class="menus_item"><a class="site-page" href="/categories/"><i class="fa-fw fas fa-folder-open"></i><span> 分类</span></a></div><div class="menus_item"><a class="site-page" href="/tags/"><i class="fa-fw fas fa-tags"></i><span> 标签</span></a></div><div class="menus_item"><a class="site-page" href="/archive/"><i class="fa-fw fas fa-archive"></i><span> 归档</span></a></div><div class="menus_item"><a class="site-page group" href="javascript:void(0);"><i class="fa-fw fas fa-list"></i><span> 工具</span><i class="fas fa-chevron-down"></i></a><ul class="menus_item_child"><li><a class="site-page child" href="/images/"><i class="fa-fw fas fa-image"></i><span> 图库</span></a></li><li><a class="site-page child" href="/music/"><i class="fa-fw fas fa-music"></i><span> 音乐</span></a></li><li><a class="site-page child" href="/video/"><i class="fa-fw fas fa-video"></i><span> 视频</span></a></li></ul></div><div class="menus_item"><a class="site-page" href="/link/"><i class="fa-fw fas fa-link"></i><span> 链接</span></a></div><div class="menus_item"><a class="site-page" href="/about/"><i class="fa-fw fas fa-heart"></i><span> 关于</span></a></div></div><div id="toggle-menu"><a class="site-page" href="javascript:void(0);"><i class="fas fa-bars fa-fw"></i></a></div></div></nav><div id="post-info"><h1 class="post-title">Linux中级命令</h1><div id="post-meta"><div class="meta-firstline"><span class="post-meta-date"><i class="far fa-calendar-alt fa-fw post-meta-icon"></i><span class="post-meta-label">Created</span><time class="post-meta-date-created" datetime="2023-03-13T12:32:23.805Z" title="Created 2023-03-13 20:32:23">2023-03-13</time><span class="post-meta-separator">|</span><i 
class="fas fa-history fa-fw post-meta-icon"></i><span class="post-meta-label">Updated</span><time class="post-meta-date-updated" datetime="2023-03-13T12:47:02.395Z" title="Updated 2023-03-13 20:47:02">2023-03-13</time></span><span class="post-meta-categories"><span class="post-meta-separator">|</span><i class="fas fa-inbox fa-fw post-meta-icon"></i><a class="post-meta-categories" href="/categories/Linux/">Linux</a></span></div><div class="meta-secondline"><span class="post-meta-separator">|</span><span class="post-meta-pv-cv" id="" data-flag-title="Linux中级命令"><i class="far fa-eye fa-fw post-meta-icon"></i><span class="post-meta-label">Post View:</span><span id="busuanzi_value_page_pv"><i class="fa-solid fa-spinner fa-spin"></i></span></span></div></div></div></header><main class="layout" id="content-inner"><div id="post"><article class="post-content" id="article-container"><h2 id="70-Linux搭建准备工作："><a href="#70-Linux搭建准备工作：" class="headerlink" title="70. Linux setup: preparation"></a>70. Linux setup: preparation</h2><h3 id="1-Linx上网问题："><a href="#1-Linx上网问题：" class="headerlink" title="1. Linux internet access"></a>1. Linux internet access</h3><ul>
<li><p>Diagram:</p>
<p><em>(network diagram; the image is not available)</em></p>
</li>
<li><p>Conclusions:</p>
<ul>
<li>Linux reaches the internet through the Windows host's physical NIC</li>
<li>If the VMnet8 virtual adapter is disabled, Linux and the Windows host can no longer ping each other;</li>
<li>Linux can still reach the internet</li>
</ul>
</li>
</ul>
<h3 id="2-配置白名单和安全组"><a href="#2-配置白名单和安全组" class="headerlink" title="2. Configure the whitelist and security group:"></a>2. Configure the whitelist and security group:</h3><ul>
<li><p>Edit the file directly; the change takes effect after a reboot:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/selinux/config</span><br></pre></td></tr></table></figure>
</li>
<li><p>SELinux values:</p>
<table>
<thead>
<tr>
<th>Value</th>
<th>Description</th>
</tr>
</thead>
<tbody><tr>
<td>enforcing</td>
<td>Enforcing mode: blocks a process from accessing a resource when the access violates the SELinux policy rules</td>
</tr>
<tr>
<td>permissive</td>
<td>Permissive mode: only logs a warning, never blocks a process from accessing a resource</td>
</tr>
<tr>
<td>disabled</td>
<td>Turns SELinux off</td>
</tr>
</tbody></table>
</li>
<li><p>Check the current SELinux mode:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">getenforce</span><br></pre></td></tr></table></figure>
</li>
<li><p>Temporarily change the SELinux mode by command (not persistent across reboots):</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">setenforce [num]     # 0: permissive, 1: enforcing</span><br></pre></td></tr></table></figure></li>
</ul>
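<p>The section above distinguishes the persistent mode in <code>/etc/selinux/config</code> from the runtime mode that <code>getenforce</code> reports and <code>setenforce</code> changes. The following script is an added example, not code from the original post: it parses the <code>SELINUX=</code> value from a file in that format and compares it with a runtime mode string, so drift between the two (for instance a host left permissive by a forgotten <code>setenforce 0</code>) is reported. The function names and the sample config file are constructed for the demonstration; on a real host pass <code>/etc/selinux/config</code> and <code>"$(getenforce)"</code>.</p>

```shell
#!/bin/sh
# Added example (not from the original post): compare the persistent SELinux
# mode in a config file with the runtime mode reported by getenforce.

# Print the SELINUX= value from a file in /etc/selinux/config format
# (comment lines and SELINUXTYPE= are ignored).
selinux_config_mode() {
  sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# getenforce prints "Enforcing"/"Permissive"/"Disabled"; the config file uses lowercase.
normalize_mode() {
  printf '%s\n' "$1" | tr 'A-Z' 'a-z'
}

# Report drift between persistent ($1: config path) and runtime ($2: getenforce output).
# Returns 0 when they agree, 1 when they differ.
selinux_check() {
  cfg=$(selinux_config_mode "$1")
  run=$(normalize_mode "$2")
  if [ "$cfg" = "$run" ]; then
    echo "ok: persistent=$cfg runtime=$run"
    return 0
  fi
  echo "drift: persistent=$cfg runtime=$run (setenforce is not persistent; edit $1 and reboot)"
  return 1
}

# Constructed sample config for offline demonstration.
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
# This file controls the state of SELinux on the system.
SELINUX=enforcing
SELINUXTYPE=targeted
EOF

# On a real host: selinux_check /etc/selinux/config "$(getenforce)"
selinux_check "$SAMPLE_CFG" "Permissive" || true
```

<p>The check is deliberately one-directional: a host whose runtime mode is permissive while the file says enforcing is the interesting case, because the weaker mode silently survives until the next reboot.</p>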
<h3 id="3-配置防火墙："><a href="#3-配置防火墙：" class="headerlink" title="3. Configure the firewall:"></a>3. Configure the firewall:</h3><ul>
<li><p>The firewall controls this host's inbound and outbound network access according to the configuration file /etc/sysconfig/iptables</p>
<table>
<thead>
<tr>
<th>Parameter</th>
<th>Description</th>
</tr>
</thead>
<tbody><tr>
<td>status</td>
<td>Show the firewall status</td>
</tr>
<tr>
<td>start</td>
<td>Start the firewall</td>
</tr>
<tr>
<td>stop</td>
<td>Stop the firewall</td>
</tr>
<tr>
<td>disable</td>
<td>Disable at boot</td>
</tr>
<tr>
<td>enable</td>
<td>Enable at boot</td>
</tr>
</tbody></table>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl status firewalld</span><br></pre></td></tr></table></figure>

<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl start firewalld</span><br></pre></td></tr></table></figure>

<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl stop firewalld</span><br></pre></td></tr></table></figure></li>
</ul>
<h3 id="4-配置网络yum源："><a href="#4-配置网络yum源：" class="headerlink" title="4. Configure a network yum repository:"></a>4. Configure a network yum repository:</h3><ul>
<li><p>Method one:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo</span><br></pre></td></tr></table></figure>
</li>
<li><p>Method two:</p>
<ul>
<li><p>The repos.d configuration file</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">Link: https://pan.baidu.com/s/15RA1D2RX_8dkLMw3Pl4bhA </span><br><span class="line">Extraction code: abcd</span><br></pre></td></tr></table></figure>
</li>
<li><p>Go to the yum.repos.d directory and upload the configuration file:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">cd /etc/yum.repos.d/</span><br></pre></td></tr></table></figure>
</li>
</ul>
</li>
<li><p>Clear the old cache and load the uploaded files:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">yum clean all</span><br><span class="line">yum repolist</span><br></pre></td></tr></table></figure>
</li>
<li><p>Install (the output ends with Complete! on success):</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum install bind-utils -y</span><br></pre></td></tr></table></figure></li>
</ul>
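<p>Whichever method is used, a <code>.repo</code> file dropped into <code>/etc/yum.repos.d/</code> decides where packages come from and whether their signatures are checked, so it is worth auditing before <code>yum repolist</code>. The script below is an added example and not part of the original post: it parses an INI-style <code>.repo</code> file and reports every repository that sets <code>gpgcheck</code> to anything other than <code>1</code> or fetches packages over plain <code>http://</code>. The sample file, its mirror hostname and the function names are constructed for the demonstration.</p>

```shell
#!/bin/sh
# Added example (not from the original post): audit a yum .repo file for
# disabled GPG checks and plaintext baseurl entries.

# Print "<repo-id> <problem>" for every weak repository definition in file $1.
audit_repo_file() {
  awk '
    function flush(    g) {
      if (id != "") {
        g = (gpg == "" ? "unset" : gpg)
        if (gpg != "1")         print id " gpgcheck=" g
        if (url ~ /^http:\/\//) print id " plaintext-baseurl"
      }
    }
    /^\[.*\]$/ { flush(); id = substr($0, 2, length($0) - 2); gpg = ""; url = ""; next }
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
    {
      split($0, kv, "=")
      key = kv[1]; sub(/[[:space:]]+$/, "", key)
      val = substr($0, index($0, "=") + 1); sub(/^[[:space:]]+/, "", val)
      if (key == "gpgcheck") gpg = val
      if (key == "baseurl")  url = val
    }
    END { flush() }
  ' "$1"
}

# Number of findings in file $1; "0" means the file passed.
audit_repo_findings() {
  audit_repo_file "$1" | wc -l | tr -d ' '
}

# Constructed sample .repo (not a real mirror configuration).
SAMPLE_REPO=$(mktemp)
cat > "$SAMPLE_REPO" <<'EOF'
[base-ok]
name=Base (signed, HTTPS)
baseurl=https://mirrors.example.invalid/centos/8/BaseOS/x86_64/os/
gpgcheck=1
gpgkey=https://mirrors.example.invalid/RPM-GPG-KEY-centosofficial

[extras-weak]
name=Extras (unsigned, plain HTTP)
baseurl=http://mirrors.example.invalid/centos/8/extras/x86_64/os/
gpgcheck=0
EOF

audit_repo_file "$SAMPLE_REPO"
# On a real host: for f in /etc/yum.repos.d/*.repo; do audit_repo_file "$f"; done
```

<p>A repository with <code>gpgcheck=0</code> means any package the mirror (or anyone between you and it) serves is installed unverified; a plain-HTTP <code>baseurl</code> has the same effect for the transport even when signatures are checked, since metadata can be downgraded in transit.</p>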
<h2 id="1-第一章："><a href="#1-第一章：" class="headerlink" title="1. Chapter 1:"></a>1. Chapter 1:</h2><h3 id="1-通配符："><a href="#1-通配符：" class="headerlink" title="1. Wildcards:"></a>1. Wildcards:</h3><ul>
<li><p>Common wildcards:</p>
<table>
<thead>
<tr>
<th>Wildcard</th>
<th>Description</th>
</tr>
</thead>
<tbody><tr>
<td>*</td>
<td>Any characters, repeated any number of times</td>
</tr>
<tr>
<td>?</td>
<td>Exactly one character</td>
</tr>
<tr>
<td>{n1..n2}</td>
<td>A contiguous range from n1 to n2</td>
</tr>
</tbody></table>
</li>
<li><p>Usage:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">touch file&#123;1,5&#125;</span><br></pre></td></tr></table></figure></li>
</ul>
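<p>To make the <code>*</code> and <code>?</code> rows of the table concrete, here is an added example (not code from the original post) that creates a few files in a temporary directory and counts what each pattern matches. It also shows the pitfall a script author needs to handle: when a pattern matches nothing, the shell passes it through literally, so a naive count would report 1 instead of 0. The directory, file names and function name are constructed for the demonstration.</p>

```shell
#!/bin/sh
# Added example (not from the original post): count glob matches for * and ?
# and handle the "no match" case where the pattern is passed through unchanged.

# Count the files in directory $1 that match glob pattern $2.
# The caller quotes the pattern so expansion happens here, not at the call site.
glob_count() {
  dir=$1; pat=$2
  ( cd "$dir" || exit 1
    set -- $pat                                   # unquoted: the shell expands the glob now
    if [ "$#" -eq 1 ] && [ ! -e "$1" ]; then      # nothing matched: $1 is the literal pattern
      echo 0
    else
      echo "$#"
    fi )
}

# Constructed sample directory: file1 .. file5, file10, and one dotfile.
SAMPLE_DIR=$(mktemp -d)
for n in 1 2 3 4 5 10; do : > "$SAMPLE_DIR/file$n"; done
: > "$SAMPLE_DIR/.hidden"

echo "file*  -> $(glob_count "$SAMPLE_DIR" 'file*')"    # 6: any length; dotfiles are not matched
echo "file?  -> $(glob_count "$SAMPLE_DIR" 'file?')"    # 5: exactly one character after "file"
echo "file1? -> $(glob_count "$SAMPLE_DIR" 'file1?')"   # 1: only file10
echo "nope*  -> $(glob_count "$SAMPLE_DIR" 'nope*')"    # 0: no match, pattern stays literal
```

<p>The same literal pass-through is why commands such as <code>rm file*</code> in an empty directory fail with "No such file" rather than silently doing nothing, and why scripts that loop over a glob should test for existence before acting.</p>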
<h3 id="2-单一执行的例行工作：at命令"><a href="#2-单一执行的例行工作：at命令" class="headerlink" title="2. One-off scheduled jobs: the at command"></a>2. One-off scheduled jobs: the at command</h3><ul>
<li><p>A one-off scheduled job runs once and is then finished</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">at -&gt; atd</span><br></pre></td></tr></table></figure>
</li>
<li><p>The at command creates the job; the system writes it as a text file under /var/spool/at/, where it waits for the atd service to pick it up and run it</p>
</li>
<li><p>For security reasons, not everyone is allowed to schedule at jobs. The two files /etc/at.allow and /etc/at.deny restrict who may use at</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">cat /etc/at.allow</span><br><span class="line">cat /etc/at.deny</span><br></pre></td></tr></table></figure>
</li>
<li><p>How at decides who may use it</p>
<ol>
<li>If /etc/at.allow exists, <strong>only</strong> the users listed in it can use at</li>
<li>If /etc/at.allow does not exist, /etc/at.deny is consulted; the users listed there <strong>cannot</strong> use at</li>
<li>If neither file exists, <strong>only root</strong> can use at</li>
</ol>
</li>
<li><p><strong>Command format</strong>: at [options] [time]</p>
</li>
<li><p>Options:</p>
<table>
<thead>
<tr>
<th>Option</th>
<th>Description</th>
</tr>
</thead>
<tbody><tr>
<td>-m（mail）</td>
<td>Send mail to the user when the job finishes, even if it produced no standard output</td>
</tr>
<tr>
<td>-l（atq）</td>
<td>Alias for atq; lists all of the current user's pending at jobs</td>
</tr>
<tr>
<td>-d（atrm）</td>
<td>Alias for atrm; removes a job from the at queue</td>
</tr>
<tr>
<td>-v（verbose）</td>
<td>Use a more readable time format when listing the queued jobs</td>
</tr>
<tr>
<td>-c（cat）</td>
<td>Print the actual command content of the given job</td>
</tr>
<tr>
<td>-f（file）</td>
<td>Read the job from a file</td>
</tr>
</tbody></table>
</li>
<li><p>Time formats:</p>
<table>
<thead>
<tr>
<th>Format</th>
<th>Description</th>
</tr>
</thead>
<tbody><tr>
<td>HH:MM</td>
<td>Run at HH:MM today; if that time has already passed today, run tomorrow</td>
</tr>
<tr>
<td>HH:MM YYYY-MM-DD</td>
<td>Run the job at a specific time on a specific date</td>
</tr>
<tr>
<td>now + 2 minutes</td>
<td>A time relative to now, in minutes, hours, days, or weeks</td>
</tr>
<tr>
<td>See man at for more</td>
<td></td>
</tr>
</tbody></table>
</li>
<li><p>Usage: press Ctrl+D to end the interactive input</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Mail the current user when the job runs, one minute from now</span></span><br><span class="line">at -m now + 1 minutes</span><br><span class="line"><span class="meta prompt_">at&gt; </span></span><br></pre></td></tr></table></figure>

<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"># Schedule a job three minutes from now that prints hello</span><br><span class="line">at now + 3 minutes</span><br></pre></td></tr></table></figure></li>
</ul>
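<p>The three-step at.allow / at.deny rule above is easy to get backwards when reviewing a host, so here is an added example (not code from the original post) that implements exactly those rules as a function and reports, for a list of users, who may schedule at jobs. The directory argument replaces <code>/etc</code> so the logic can be exercised against constructed files; the user names and the function names are constructed for the demonstration.</p>

```shell
#!/bin/sh
# Added example (not from the original post): decide whether a user may use at,
# following the at.allow / at.deny rules as the post states them.

# Return 0 if user $2 may use at, given the allow/deny files in directory $1.
#   at.allow exists          -> only the users listed in it
#   otherwise at.deny exists -> everyone except the users listed in it
#   neither exists           -> root only
at_allowed() {
  dir=$1; user=$2
  if [ -f "$dir/at.allow" ]; then
    grep -qx "$user" "$dir/at.allow"
  elif [ -f "$dir/at.deny" ]; then
    ! grep -qx "$user" "$dir/at.deny"
  else
    [ "$user" = root ]
  fi
}

# Print "<user> allowed|denied" for each user named after the directory argument.
at_report() {
  dir=$1; shift
  for u in "$@"; do
    if at_allowed "$dir" "$u"; then echo "$u allowed"; else echo "$u denied"; fi
  done
}

# Constructed sample: start with a deny list only.
SAMPLE_ETC=$(mktemp -d)
printf 'alice\n' > "$SAMPLE_ETC/at.deny"
echo "with at.deny only:"
at_report "$SAMPLE_ETC" root alice bob      # root allowed, alice denied, bob allowed

# Once at.allow exists it takes precedence and at.deny is no longer consulted.
printf 'root\nbob\n' > "$SAMPLE_ETC/at.allow"
echo "with at.allow present:"
at_report "$SAMPLE_ETC" root alice bob      # root allowed, alice denied, bob allowed
# On a real host: at_report /etc "$(id -un)"
```

<p>The practical consequence for hardening is the second case: creating an <code>at.allow</code> file, even an empty one, is the tightest setting because the deny list stops mattering and only the explicitly listed accounts can queue jobs.</p>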
<h3 id="3-使用网易邮箱发送邮箱："><a href="#3-使用网易邮箱发送邮箱：" class="headerlink" title="3. Sending mail through a NetEase (163) mailbox:"></a>3. Sending mail through a NetEase (163) mailbox:</h3><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Authorization code, obtained from the mailbox settings on NetEase</span></span><br><span class="line">JPLJTOSJZGDBEJLU</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Install the mail software</span></span><br><span class="line">yum install sendmail -y</span><br><span class="line">yum install mailx -y      </span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Start the sendmail service</span></span><br><span class="line">systemctl start sendmail</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Method one:</span></span><br><span class="line">    # Send to a local system user</span><br><span class="line">    echo &quot;mail body&quot; | mail -s &quot;subject&quot; [recipient user]</span><br><span class="line">    # Read the mailbox as that user</span><br><span class="line">    mail</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Method two:</span> </span><br><span class="line"><span class="meta prompt_">	# </span><span class="language-bash">Edit the configuration file; its contents are shown below</span></span><br><span class="line">	vim /etc/mail.rc</span><br><span class="line"><span class="meta prompt_">	# </span><span class="language-bash">Restart the service after editing</span></span><br><span class="line">	systemctl restart sendmail</span><br><span class="line"><span class="meta prompt_">	# </span><span class="language-bash">Send</span></span><br><span class="line">	echo &quot;mail body&quot; | mail -s &quot;subject&quot; [external recipient]</span><br></pre></td></tr></table></figure>

<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Enable SSL</span></span><br><span class="line">set ssl-verify=ignore</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Certificate directory; the path below is the default CentOS certificate location, or generate your own certificate and point here</span></span><br><span class="line">set nss-config-dir=/etc/pki/nssdb</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Address and port of the third-party SMTP server; on a cloud server the security group must open port 465 (inbound and outbound)</span></span><br><span class="line">set smtp=smtps://smtp.163.com:465       </span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Authentication method</span></span><br><span class="line">set smtp-auth=login</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Sender mailbox account name</span></span><br><span class="line">set smtp-auth-user=qv1095322098@163.com</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Client authorization code for the mailbox above</span></span><br><span class="line">set smtp-auth-password=JPLJTOSJZGDBEJLU</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Mailbox account used to send the mail</span></span><br><span class="line">set from=qv1095322098@163.com</span><br></pre></td></tr></table></figure>
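<p>Two settings in a mail.rc like the one above deserve a check before it is deployed: <code>set ssl-verify=ignore</code> turns off validation of the SMTP server's TLS certificate, and <code>smtp-auth-password</code> is a credential, so the file must not be readable by other local users. The script below is an added example, not code from the original post: it reads individual <code>set</code> options from a mail.rc, reports those two risks, and shows a hardened copy that passes. The hostnames, account, password value and function names are constructed placeholders.</p>

```shell
#!/bin/sh
# Added example (not from the original post): audit a mail.rc for disabled
# certificate verification and a password stored in a file other users can read.

# Print the value of "set <option>=<value>" from mail.rc $1 for option $2.
mailrc_setting() {
  sed -n "s/^[[:space:]]*set[[:space:]]\{1,\}$2=\(.*\)$/\1/p" "$1" | tail -n 1
}

# Print one finding per line; return 0 when the file passes both checks.
mailrc_audit() {
  f=$1; rc=0
  if [ "$(mailrc_setting "$f" ssl-verify)" = "ignore" ]; then
    echo "ssl-verify=ignore: certificate of $(mailrc_setting "$f" smtp) is not validated"
    rc=1
  fi
  if [ -n "$(mailrc_setting "$f" smtp-auth-password)" ]; then
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")   # GNU stat, then BSD stat
    case $mode in
      *[1-7][0-7]|*[0-7][1-7])      # any group or other permission bit on a file holding a password
        echo "smtp-auth-password in $f with mode $mode: readable by other users"
        rc=1 ;;
    esac
  fi
  return $rc
}

# Constructed weak config, made world-readable, mirroring the structure of the post's mail.rc.
WEAK_RC=$(mktemp)
cat > "$WEAK_RC" <<'EOF'
set ssl-verify=ignore
set nss-config-dir=/etc/pki/nssdb
set smtp=smtps://smtp.example.invalid:465
set smtp-auth=login
set smtp-auth-user=sender@example.invalid
set smtp-auth-password=PLACEHOLDER_APP_PASSWORD
set from=sender@example.invalid
EOF
chmod 644 "$WEAK_RC"

# Hardened copy: verify the server certificate and keep the file owner-only.
HARD_RC=$(mktemp)
sed 's/^set ssl-verify=ignore$/set ssl-verify=strict/' "$WEAK_RC" > "$HARD_RC"
chmod 600 "$HARD_RC"

echo "weak config:";     mailrc_audit "$WEAK_RC" || true
echo "hardened config:"; mailrc_audit "$HARD_RC" && echo "no findings"
```

<p>With <code>ssl-verify=strict</code> the client refuses to authenticate to a server whose certificate does not validate against the store in <code>nss-config-dir</code>, which is what keeps the authorization code from being sent to an impostor SMTP endpoint.</p>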



<h3 id="4-循环执行的例行性工作：crontab命令："><a href="#4-循环执行的例行性工作：crontab命令：" class="headerlink" title="4. Recurring scheduled jobs: the crontab command:"></a>4. Recurring scheduled jobs: the crontab command:</h3><ul>
<li><p>A recurring scheduled job runs again after every fixed interval</p>
</li>
<li><p>Recurring job scheduling is controlled by the crond system service. As with at, the accounts allowed to use crontab can be restricted</p>
</li>
<li><p>How crontab works</p>
<ol>
<li>Whether an account may use crontab is decided as follows<ul>
<li>/etc/cron.allow lists the accounts that <strong>can</strong> use crontab; users not listed in it <strong>cannot</strong> use crontab</li>
<li>/etc/cron.deny lists the accounts that <strong>cannot</strong> use crontab; users not listed in it <strong>can</strong> use crontab</li>
</ul>
</li>
<li>When a user creates a job with crontab, it is recorded under /var/spool/cron/</li>
<li>Every job that cron runs is logged to the /var/log/cron log file</li>
</ol>
</li>
<li><p><strong>Command format</strong>: crontab [-u user] [-l | -r | -e]</p>
</li>
<li><p>Options</p>
<table>
<thead>
<tr>
<th>Option</th>
<th>Description</th>
</tr>
</thead>
<tbody><tr>
<td>-u（user）</td>
<td>Only root can do this: create or delete a crontab on behalf of another user</td>
</tr>
<tr>
<td>-e（edit）</td>
<td>Edit the crontab entries</td>
</tr>
<tr>
<td>-l（list）</td>
<td>List the crontab entries</td>
</tr>
<tr>
<td>-r（remove）</td>
<td>Remove all crontab entries</td>
</tr>
</tbody></table>
</li>
<li><p><strong>Editing the crontab</strong>: one job per line, each job has six fields</p>
<table>
<thead>
<tr>
<th>Meaning</th>
<th>Minute</th>
<th>Hour</th>
<th>Day of month</th>
<th>Month</th>
<th>Day of week</th>
<th>Command</th>
</tr>
</thead>
<tbody><tr>
<td>Range</td>
<td>0-59</td>
<td>0-23</td>
<td>1-31</td>
<td>1-12</td>
<td>0-7, where 0 and 7 both mean Sunday</td>
<td>The command to run</td>
</tr>
</tbody></table>
</li>
<li><p><strong>Editing the crontab</strong>: special characters in the file:</p>
<table>
<thead>
<tr>
<th>Character</th>
<th>Meaning</th>
</tr>
</thead>
<tbody><tr>
<td>*</td>
<td>Any value (every minute, hour, etc.)</td>
</tr>
<tr>
<td>,</td>
<td>Separates a list of values</td>
</tr>
<tr>
<td>-</td>
<td>A range of values</td>
</tr>
<tr>
<td>/n</td>
<td>Step interval, e.g. */3 for every 3 minutes</td>
</tr>
</tbody></table>
</li>
<li><p>Usage:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">crontab -l</span><br></pre></td></tr></table></figure>

<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">crontab -u qv123 -e </span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">Edit the file contents</span></span><br><span class="line">42-45 16 * * * echo &quot;qv123&quot;     # every minute from 16:42 to 16:45, every day of every month, any weekday: print qv123</span><br><span class="line">42-45 16 * * * wall &quot;qv123&quot;     # same schedule, but broadcast qv123 to all logged-in terminals with wall</span><br></pre></td></tr></table></figure></li>
</ul>
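<p>Reading the two tables above together, a crontab line fires when every one of its five time fields matches the current minute, hour, day of month, month and weekday. The script below is an added example, not code from the original post: a small matcher that implements the field syntax from the tables (<code>*</code>, <code>,</code>, <code>-</code>, <code>/n</code>, and the rule that <code>0</code> and <code>7</code> both mean Sunday) and reports whether a line such as the post's <code>42-45 16 * * *</code> would fire at a given time. It goes slightly beyond the post by also rejecting out-of-range values. The function names and the sample times are constructed for the demonstration.</p>

```shell
#!/bin/sh
# Added example (not from the original post): match the five time fields of a
# crontab line against a given minute/hour/day/month/weekday.

# Does one cron field ($1) match integer $2? $3 and $4 give the field's valid range.
# Exit status: 0 match, 1 no match, 2 the spec is outside the valid range.
cron_field_matches() {
  awk -v spec="$1" -v v="$2" -v lo="$3" -v hi="$4" 'BEGIN {
    n = split(spec, parts, ",")                      # "," separates alternatives
    for (i = 1; i <= n; i++) {
      p = parts[i]; step = 1
      if (index(p, "/") > 0) {                       # "/n": step within * or a range
        split(p, ps, "/"); p = ps[1]; step = ps[2] + 0
      }
      if (p == "*")               { a = lo; b = hi }
      else if (index(p, "-") > 0) { split(p, r, "-"); a = r[1] + 0; b = r[2] + 0 }
      else                        { a = p + 0; b = a } # single value; a step is ignored here
      if (a < lo || b > hi || b < a || step < 1) exit 2
      if (v >= a && v <= b && (v - a) % step == 0) exit 0
    }
    exit 1
  }'
}

# Does the five-field spec $1 match minute $2, hour $3, day-of-month $4, month $5, weekday $6?
cron_time_matches() {
  spec=$1; min=$2; hour=$3; dom=$4; mon=$5; dow=$6
  dow_alt=$dow                                       # 0 and 7 both mean Sunday
  [ "$dow" -eq 0 ] && dow_alt=7
  [ "$dow" -eq 7 ] && dow_alt=0
  set -f; set -- $spec; set +f                       # split into fields without glob-expanding "*"
  [ "$#" -ge 5 ] || return 2
  cron_field_matches "$1" "$min" 0 59 &&
  cron_field_matches "$2" "$hour" 0 23 &&
  cron_field_matches "$3" "$dom" 1 31 &&
  cron_field_matches "$4" "$mon" 1 12 &&
  { cron_field_matches "$5" "$dow" 0 7 || cron_field_matches "$5" "$dow_alt" 0 7; }
}

# Human-readable wrapper for the demonstration below.
cron_check() {
  if cron_time_matches "$1" "$2" "$3" "$4" "$5" "$6"; then verdict=fires; else verdict="does not fire"; fi
  echo "'$1' $verdict at $(printf '%02d:%02d' "$3" "$2") dom=$4 mon=$5 dow=$6"
}

cron_check "42-45 16 * * *" 43 16 1 1 1     # fires: the post's example line at 16:43
cron_check "42-45 16 * * *" 46 16 1 1 1     # does not fire: 46 is outside 42-45
cron_check "*/3 * * * *"    9  0  1 1 1     # fires: minute 9 is a multiple of 3
cron_check "*/3 * * * *"    10 0  1 1 1     # does not fire
cron_check "0 2 * * 7"      0  2  1 1 0     # fires: 7 in the spec is Sunday, as is weekday 0
```

<p>The <code>set -f</code> around the field split matters in any script that handles crontab text: an unquoted <code>*</code> would otherwise expand to the file names in the current directory.</p>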
<h3 id="5-系统的例行性任务："><a href="#5-系统的例行性任务：" class="headerlink" title="5. System scheduled tasks:"></a>5. System scheduled tasks:</h3><ul>
<li><p>Configured in the /etc/crontab file</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/crontab</span><br></pre></td></tr></table></figure>
</li>
<li><p>Explanation:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">SHELL=/bin/bash     # shell used to run the jobs; the default is bash</span><br><span class="line">PATH=/sbin:/bin:/usr/sbin:/usr/bin    # PATH in effect when the commands run</span><br><span class="line">MAILTO=root        # crond mails job output to the root user</span><br><span class="line"></span><br><span class="line">*  *  *  *  * user-name  command to be executed     # user-name is the account the command runs as</span><br></pre></td></tr></table></figure>
</li>
<li><p>When several scripts must run at the same time, put them in one directory and run that directory with run-parts</p>
</li>
<li><p>run-parts: runs every file found in the directory named after it.</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">01 * * * * root run-parts /etc/cron.hourly</span><br></pre></td></tr></table></figure>

<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl restart crond</span><br></pre></td></tr></table></figure></li>
</ul>
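<p>Because the sixth field of <code>/etc/crontab</code> names the account a job runs as, a root job whose script (or whose <code>run-parts</code> directory) can be modified by an ordinary user is a hardening problem to look for when reviewing these files. The script below is an added example, not code from the original post: it parses a file in the six-field format explained above, skipping the <code>SHELL=</code>, <code>PATH=</code> and <code>MAILTO=</code> lines, and reports root jobs that point at a world- or group-writable path. The crontab, scripts and directory are constructed in a temporary directory; the function names are constructed as well.</p>

```shell
#!/bin/sh
# Added example (not from the original post): parse a system crontab
# (/etc/crontab format) and flag root jobs run from paths non-root users can modify.

# Print "<user> <command>" for each job line; variables, comments and blank lines are skipped.
crontab_jobs() {
  awk '
    /^[[:space:]]*(#|$)/ { next }                   # comments and blank lines
    /^[A-Za-z_][A-Za-z0-9_]*=/ { next }             # SHELL=, PATH=, MAILTO=
    NF >= 7 {
      cmd = $7
      for (i = 8; i <= NF; i++) cmd = cmd " " $i
      print $6, cmd
    }
  ' "$1"
}

# True if path $1 is writable by group or others (portable ls-based check: mode chars 6 and 9).
writable_by_non_owner() {
  case $(ls -ld "$1" | cut -c6,9) in *w*) return 0 ;; esac
  return 1
}

# Report root jobs whose program, or run-parts directory, can be modified by non-root users.
crontab_weak_root_jobs() {
  crontab_jobs "$1" | while read -r user cmd; do
    [ "$user" = root ] || continue
    target=${cmd%% *}
    case $target in
      run-parts|*/run-parts) target=${cmd#* }; target=${target%% *} ;;   # check the directory instead
    esac
    case $target in /*) ;; *) continue ;; esac     # only absolute paths are checked here
    if [ ! -e "$target" ]; then echo "$target: missing"
    elif writable_by_non_owner "$target"; then echo "$target: writable by non-root but run as root"
    fi
  done
}

# Constructed sample: two scripts and a run-parts directory with different modes.
SAMPLE_DIR=$(mktemp -d)
mkdir "$SAMPLE_DIR/hourly.d"; chmod 755 "$SAMPLE_DIR/hourly.d"
: > "$SAMPLE_DIR/good.sh"; chmod 700 "$SAMPLE_DIR/good.sh"
: > "$SAMPLE_DIR/weak.sh"; chmod 777 "$SAMPLE_DIR/weak.sh"
SAMPLE_CRONTAB=$SAMPLE_DIR/crontab
cat > "$SAMPLE_CRONTAB" <<EOF
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root

01 * * * * root run-parts $SAMPLE_DIR/hourly.d
*/5 * * * * root $SAMPLE_DIR/weak.sh
30 2 * * * root $SAMPLE_DIR/good.sh
0 3 * * * alice $SAMPLE_DIR/weak.sh
EOF

crontab_weak_root_jobs "$SAMPLE_CRONTAB"      # reports only weak.sh run as root
# On a real host: crontab_weak_root_jobs /etc/crontab; for f in /etc/cron.d/*; do crontab_weak_root_jobs "$f"; done
```

<p>The <code>run-parts</code> case is checked at the directory level because every file placed there is executed; the directory's own permissions therefore decide who can add jobs, not just the files already in it.</p>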
<h3 id="6-可唤醒停机期间的工作任务"><a href="#6-可唤醒停机期间的工作任务" class="headerlink" title="6. Catching up on jobs missed during downtime:"></a>6. Catching up on jobs missed during downtime:</h3><ul>
<li><p>anacron can run scheduled jobs that were missed while the machine was powered off</p>
</li>
<li><p>anacron cannot run a task at a specified time; it works in units of days, or runs its jobs right after boot, as configured in /etc/anacrontab</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/anacrontab</span><br></pre></td></tr></table></figure>
</li>
<li><p>It checks for crontab tasks that should have run during the downtime but did not, runs each of them once, and then exits automatically</p>
</li>
</ul>
<h2 id="2-第二章-chrony服务器："><a href="#2-第二章-chrony服务器：" class="headerlink" title="2. Chapter 2: chrony server:"></a>2. Chapter 2: chrony server:</h2><h3 id="1-概念："><a href="#1-概念：" class="headerlink" title="1. Concepts:"></a>1. Concepts:</h3><ul>
<li><p>Chrony is a free, open-source <strong>client and server implementation</strong> of the Network Time Protocol (NTP).</p>
</li>
<li><p>It keeps the system clock synchronised with NTP time servers so the computer keeps accurate time; Chrony can also act as a server and provide time synchronisation to other computers</p>
</li>
<li><p>Chrony consists of two programs: chronyd (the server) and chronyc (the client)</p>
</li>
<li><p>chronyd is a <strong>daemon running in the background</strong> that <strong>keeps the kernel's system clock synchronised with the time servers</strong>. It measures the rate at which the computer gains or loses time and compensates for it</p>
</li>
<li><p>chronyc provides a user interface for monitoring performance and changing configuration. It can run on the computer controlled by the chronyd instance, or on a different, remote computer</p>
</li>
<li><p>NTP stands for Network Time Protocol; it synchronises clocks over the network on <strong>UDP port 123</strong></p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">cat /etc/services      # look up the port of a service</span><br></pre></td></tr></table></figure>
</li>
<li><p>RHEL 7 uses chrony as the default time service; NTP is also supported but must be installed separately. NTP and chrony cannot coexist; use only one of them</p>
</li>
</ul>
<h3 id="2-安装与配置："><a href="#2-安装与配置：" class="headerlink" title="2. Installation and configuration:"></a>2. Installation and configuration:</h3><ul>
<li><p>Install:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum -y install chrony</span><br></pre></td></tr></table></figure>
</li>
<li><p>Enable and start the daemon:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">systemctl enable chronyd</span><br><span class="line">systemctl start chronyd</span><br></pre></td></tr></table></figure>
</li>
<li><p>Chrony's configuration file is /etc/chrony.conf</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"># view the manual page for the configuration file</span><br><span class="line">man 5 chrony.conf</span><br></pre></td></tr></table></figure>
</li>
<li><p>Configuration file walkthrough:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br></pre></td><td class="code"><pre><span class="line"># Public servers from the pool.ntp.org project. Each time source is one pool/server line; add as many as you need.</span><br><span class="line">pool 2.rhel.pool.ntp.org iburst</span><br><span class="line"></span><br><span class="line"># Record the measured drift rate of the system clock in a file, so that chronyd can compensate for it immediately after a reboot.</span><br><span class="line">driftfile /var/lib/chrony/drift</span><br><span class="line"></span><br><span class="line"># If the clock offset is larger than 1 second, allow the clock to be stepped, but only during the first 3 updates.</span><br><span class="line">makestep 1.0 3</span><br><span class="line"></span><br><span class="line"># Keep the real-time clock (RTC) synchronised with the system clock via the kernel.</span><br><span class="line">rtcsync</span><br><span class="line"></span><br><span class="line"># Enable hardware timestamping on all interfaces that support it.</span><br><span class="line">#hwtimestamp *</span><br><span class="line"></span><br><span class="line"># Minimum number of selectable sources required before the system clock is adjusted.</span><br><span class="line">#minsources 2</span><br><span class="line"></span><br><span class="line"># Client addresses allowed (or denied) to query this host when it acts as an NTP server.</span><br><span class="line">#allow 192.168.0.0/16</span><br><span class="line"></span><br><span class="line"># Serve time even when not synchronised to any source; the local clock is then advertised at stratum 10.</span><br><span class="line">#local stratum 10</span><br><span class="line"></span><br><span class="line"># File containing the symmetric keys used to authenticate NTP packets between clients, servers and peers.</span><br><span class="line">#keyfile /etc/chrony.keys</span><br><span class="line"></span><br><span class="line"># Directory for log files.</span><br><span class="line">logdir /var/log/chrony</span><br><span class="line"></span><br><span class="line"># Select which information is written to the log files.</span><br><span class="line">#log measurements statistics tracking</span><br></pre></td></tr></table></figure></li>
</ul>
<h3 id="3-配置时间服务器："><a href="#3-配置时间服务器：" class="headerlink" title="3.配置时间服务器："></a>3. Configuring a time server:</h3><ul>
<li><p>Edit the configuration file:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/chrony.conf</span><br></pre></td></tr></table></figure>
</li>
<li><p>Enable the service at boot and restart it so the new configuration is read:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">systemctl enable chronyd</span><br><span class="line">systemctl restart chronyd</span><br></pre></td></tr></table></figure>
</li>
<li><p>Check the time synchronisation status:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">timedatectl status</span><br></pre></td></tr></table></figure>
</li>
<li><p>Turn on network time synchronisation (on RHEL-family systems this starts chronyd):</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">timedatectl set-ntp true</span><br></pre></td></tr></table></figure>
</li>
<li><p>Use an Alibaba Cloud NTP server instead of <code>pool 2.rhel.pool.ntp.org iburst</code>. Several <code>server</code> lines may be listed; chronyd measures them all and selects the best one:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">server ntp.aliyun.com iburst</span><br></pre></td></tr></table></figure>
</li>
<li><p>Restrict which client networks may query this host. Without an <code>allow</code> directive chronyd answers no clients at all, so list only the networks that need it rather than opening it to everyone:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">allow 192.168.0.0/16</span><br></pre></td></tr></table></figure>
</li>
<li><p>Keep serving time to clients even when the upstream sources become unreachable. The local clock is advertised at stratum 10, so clients will still prefer a real stratum-1 or stratum-2 server whenever one is available:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">local stratum 10</span><br></pre></td></tr></table></figure></li>
</ul>
<h3 id="4-chronyc-命令"><a href="#4-chronyc-命令" class="headerlink" title="4.chronyc 命令:"></a>4. chronyc commands:</h3><ul>
<li><p>List the NTP sources; <code>-v</code> prints a legend explaining every column</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">chronyc sources -v</span><br></pre></td></tr></table></figure>

<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">MS Name/IP address         Stratum Poll Reach LastRx Last sample               </span><br><span class="line">===============================================================================</span><br><span class="line">^* 203.107.6.88                  2   6    77    33  -1793us[-7154us] +/-   42ms</span><br></pre></td></tr></table></figure>

<table>
<thead>
<tr>
<th>Column</th>
<th>Meaning</th>
</tr>
</thead>
<tbody><tr>
<td>M</td>
<td>The mode of the source: <code>^</code> means a server, <code>=</code> a peer and <code>#</code> a locally attached reference clock</td>
</tr>
<tr>
<td>S</td>
<td>The state of the source: <code>*</code> the source chronyd is currently synchronised to; <code>+</code> an acceptable source that is combined with the selected one; <code>-</code> an acceptable source excluded by the combining algorithm; <code>?</code> a source that has lost connectivity or whose packets fail the sanity tests; <code>x</code> a falseticker, i.e. a clock whose time disagrees with the majority of the other sources; <code>~</code> a source whose time appears to vary too much</td>
</tr>
<tr>
<td>Name/IP address</td>
<td>The name or IP address of the source, or the reference ID of a reference clock</td>
</tr>
<tr>
<td>Stratum</td>
<td>The stratum of the source. Stratum 1 is a computer with a locally attached reference clock; a computer synchronised to a stratum-1 computer is at stratum 2, one synchronised to a stratum-2 computer is at stratum 3, and so on</td>
</tr>
<tr>
<td>Poll</td>
<td>The rate at which the source is polled, as the base-2 logarithm of the interval in seconds (6 means every 64 seconds)</td>
</tr>
<tr>
<td>Reach</td>
<td>The reachability register of the source, printed in octal. It has 8 bits, one per recent poll, with the lowest bit standing for the most recent poll; 377 means the last eight polls all received a valid reply</td>
</tr>
<tr>
<td>LastRx</td>
<td>How long ago the last good sample was received from the source</td>
</tr>
<tr>
<td>Last sample</td>
<td>The offset between the local clock and the source at the last measurement. The number in square brackets is the actual measured offset, with a suffix of <em>ns</em> (nanoseconds), <em>us</em> (microseconds), <em>ms</em> (milliseconds) or <em>s</em> (seconds). The number to the left of the brackets is the original measurement adjusted for any slews applied to the local clock since then. The number after the <em>+/-</em> indicator is the error bound of the measurement. A positive offset means the local clock is ahead of the source</td>
</tr>
</tbody></table>
</li>
<li><p>Add a time source at run time with chronyc; the addition is lost when chronyd is restarted:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">chronyc add server ntp.aliyun.com iburst</span><br></pre></td></tr></table></figure>
</li>
<li><p>Show the drift and offset statistics of each source; <code>-v</code> prints the column legend</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">chronyc sourcestats -v</span><br></pre></td></tr></table></figure>
</li>
<li><p>Show how many sources are online and offline; <code>-v</code> for more detail</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">chronyc activity -v</span><br></pre></td></tr></table></figure>
</li>
<li><p>Show detailed information on the system clock and the selected source; <code>-v</code> for more detail</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">chronyc tracking -v</span><br></pre></td></tr></table></figure>

<table>
<thead>
<tr>
<th>Field</th>
<th>Meaning</th>
</tr>
</thead>
<tbody><tr>
<td>Reference ID</td>
<td>The reference ID (a hexadecimal number) and name or IP address of the NTP server currently synchronised to</td>
</tr>
<tr>
<td>Stratum</td>
<td>How many hops away this machine is from a computer with an attached hardware reference clock (stratum 1)</td>
</tr>
<tr>
<td>Ref time (UTC)</td>
<td>The UTC time of the last measurement taken from the reference source</td>
</tr>
<tr>
<td>System time</td>
<td>The current difference between the system clock and NTP time. In normal operation chronyd does not step the clock, because a jump in time can have unpleasant consequences for some applications; it slews the clock instead, so this value gradually shrinks toward zero (makestep is the exception)</td>
</tr>
<tr>
<td>Last offset</td>
<td>The estimated local offset at the last clock update</td>
</tr>
<tr>
<td>RMS offset</td>
<td>A long-term average of the offset value</td>
</tr>
<tr>
<td>Frequency</td>
<td>The rate, in ppm, at which the system clock would be wrong if chronyd were not correcting it</td>
</tr>
<tr>
<td>Residual freq</td>
<td>The residual frequency for the currently selected source: the difference between the frequency measured from the source and the frequency currently being used</td>
</tr>
<tr>
<td>Skew</td>
<td>The estimated error bound on the frequency</td>
</tr>
<tr>
<td>Root delay</td>
<td>The total network path delay from this computer to the stratum-1 computer it is ultimately synchronised to</td>
</tr>
<tr>
<td>Root dispersion</td>
<td>The total dispersion accumulated through all the computers on the path back to the stratum-1 computer</td>
</tr>
<tr>
<td>Update interval</td>
<td>The interval between the last two clock updates</td>
</tr>
<tr>
<td>Leap status</td>
<td>One of Normal, Insert second, Delete second or Not synchronised</td>
</tr>
</tbody></table>
</li>
<li><p>Force an immediate step of the system clock (run as root)</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">chronyc -a makestep</span><br></pre></td></tr></table></figure></li>
</ul>
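<p>The output of <code>chronyc sources</code> and <code>chronyc tracking</code> is what you look at when deciding whether a host's clock can be trusted, which matters for log correlation, Kerberos and certificate validity. The following is an added example, not code from the original tutorial or from the chrony project: it parses constructed samples of both outputs and applies an assumed policy (a selected source that answered its last poll, a sane stratum, Normal leap status and an offset under 100 ms). The sample text and the thresholds are assumptions for illustration.</p>

```python
"""Added example (not from the tutorial or chrony): judge clock health from chronyc output."""
import re

# Constructed sample of `chronyc sources` (the '^*' line is the selected source).
SAMPLE_SOURCES = """\
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 203.107.6.88                  2   6    77    33  -1793us[-7154us] +/-   42ms
^- 192.168.10.5                  3   6   377    40   +812us[ +812us] +/-   80ms
^? 10.0.0.9                      0   6     0     -     +0ns[   +0ns] +/-    0ns
"""

# Constructed sample of `chronyc tracking`.
SAMPLE_TRACKING = """\
Reference ID    : CB6B0658 (203.107.6.88)
Stratum         : 3
Ref time (UTC)  : Mon Mar 13 12:00:00 2023
System time     : 0.000251 seconds fast of NTP time
Last offset     : -0.000179 seconds
RMS offset      : 0.000420 seconds
Frequency       : 12.345 ppm slow
Residual freq   : +0.001 ppm
Skew            : 0.045 ppm
Root delay      : 0.030 seconds
Root dispersion : 0.010 seconds
Update interval : 64.1 seconds
Leap status     : Normal
"""

UNITS = {"ns": 1e-9, "us": 1e-6, "ms": 1e-3, "s": 1.0}
SOURCE_RE = re.compile(
    r"^(?P<mode>[\^=#])(?P<state>[*+\-?x~ ]) (?P<name>\S+)\s+(?P<stratum>\d+)\s+(?P<poll>-?\d+)"
    r"\s+(?P<reach>[0-7]+)\s+\S+\s+(?P<offset>[+-]?\d+)(?P<unit>ns|us|ms|s)\[")


def parse_sources(text):
    """One dict per source line; Reach is decoded from octal, the offset converted to seconds."""
    out = []
    for line in text.splitlines():
        m = SOURCE_RE.match(line)
        if m:
            d = m.groupdict()
            d["stratum"] = int(d["stratum"])
            d["reach"] = int(d["reach"], 8)
            d["offset"] = int(d["offset"]) * UNITS[d["unit"]]
            out.append(d)
    return out


def parse_tracking(text):
    """'Field : value' lines into a dict; the first colon separates field and value."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def system_offset_seconds(tracking):
    """'0.000251 seconds fast of NTP time' -> +0.000251; 'slow' gives a negative value."""
    m = re.match(r"([\d.]+) seconds (fast|slow)", tracking["System time"])
    secs = float(m.group(1))
    return secs if m.group(2) == "fast" else -secs


def clock_is_trustworthy(sources, tracking, max_offset=0.1, max_stratum=5):
    """Assumed policy; returns (ok, list_of_reasons). Empty reasons means ok."""
    reasons = []
    selected = [s for s in sources if s["state"] == "*"]
    if not selected:
        reasons.append("no source currently selected")
    elif not selected[0]["reach"] & 1:  # lowest Reach bit = most recent poll answered
        reasons.append("selected source missed the last poll")
    if int(tracking.get("Stratum", "16")) > max_stratum:
        reasons.append("stratum too high")
    if tracking.get("Leap status") != "Normal":
        reasons.append("leap status " + tracking.get("Leap status", "unknown"))
    if abs(system_offset_seconds(tracking)) > max_offset:
        reasons.append("offset exceeds threshold")
    return (not reasons, reasons)


if __name__ == "__main__":
    ok, why = clock_is_trustworthy(parse_sources(SAMPLE_SOURCES), parse_tracking(SAMPLE_TRACKING))
    print("clock ok" if ok else "clock NOT ok: " + "; ".join(why))
```

On a real host replace the two samples with the output of <code>subprocess.run(["chronyc", "sources"], ...)</code> and <code>chronyc tracking</code>; the parsing and the policy stay the same.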
<h2 id="3-第三章-远程连接服务器："><a href="#3-第三章-远程连接服务器：" class="headerlink" title="3.第三章-远程连接服务器："></a>3. Chapter 3: Remote login servers:</h2><h3 id="1-概念：-1"><a href="#1-概念：-1" class="headerlink" title="1.概念："></a>1. Concepts:</h3><ul>
<li>Remote login server: a service that lets you log in to a system over the network through a text or graphical interface, obtaining a shell on the remote Linux host so that working on it feels just like sitting in front of the machine</li>
<li>What a remote login server is for:<ul>
<li>Sharing the host's computing power</li>
<li>Server type: connections are opened to a limited set of clients</li>
<li>Workstation type: connections are opened only to the internal network</li>
</ul>
</li>
<li>Types of remote login server (classified by the login interface)<ul>
<li>Text interface</li>
<li>Plaintext transport: Telnet, RSH and the like. Rarely used today, and they should not be, since every keystroke and password crosses the network unencrypted</li>
<li>Encrypted transport: SSH, which has replaced the plaintext protocols</li>
<li>Graphical interface: XDMCP, VNC, XRDP and so on</li>
</ul>
</li>
<li><strong>SSH</strong> (Secure Shell Protocol) encrypts the data before it is put on the network, so an observer on the path sees only ciphertext.</li>
<li>The SSH protocol itself provides two server functions:<ul>
<li>A remote shell, comparable to Telnet</li>
<li>sftp-server, a file transfer service comparable to FTP but carried over the encrypted SSH connection</li>
</ul>
</li>
</ul>
<h3 id="2-连接加密技术："><a href="#2-连接加密技术：" class="headerlink" title="2.连接加密技术："></a>2. Connection encryption techniques:</h3><ul>
<li><p>Symmetric key: the same key is used to encrypt the data before sending and to decrypt it on arrival. Problem: how do both sides obtain the key without an eavesdropper also obtaining it?</p>
</li>
<li><p>Asymmetric key: data is encrypted with the public key and can only be decrypted with the matching private key. Problem: how does the client know that the public key it received really belongs to the server? SSH leaves this decision to the client: on the first connection the client stores the server's host key in <code>~/.ssh/known_hosts</code>, and on every later connection it warns loudly if the key has changed.</p>
</li>
<li><p>Most network packet encryption today relies on a public-key system, i.e. two different keys, a public one and a private one, for the encryption and decryption steps.</p>
</li>
<li><p><strong>Public key</strong>: handed to remote hosts so that they can encrypt data for you; anyone may hold a copy of your public key</p>
</li>
<li><p><strong>Private key</strong>: decrypts data that a remote host encrypted with your public key; only you hold the private key</p>
</li>
<li><p>SSH uses asymmetric cryptography while the connection is being established (to authenticate the server and agree on a session key) and a symmetric cipher for the data afterwards, because symmetric ciphers are far faster</p>
</li>
<li><p>How SSH works: to set up a secure connection the server and client go through the following five phases</p>
<table>
<thead>
<tr>
<th>Phase</th>
<th>Description</th>
</tr>
</thead>
<tbody><tr>
<td>Version negotiation</td>
<td>Two protocol versions exist, SSH-1 and SSH-2; the two sides agree on which to use. SSH-1 has known cryptographic weaknesses and modern OpenSSH no longer implements it, so in practice the answer is always SSH-2</td>
</tr>
<tr>
<td>Key and algorithm negotiation</td>
<td>SSH supports several algorithms for each purpose; the two sides choose the ones they will use from what each supports</td>
</tr>
<tr>
<td>Authentication</td>
<td>The client sends an authentication request and the server authenticates the client</td>
</tr>
<tr>
<td>Session request</td>
<td>After authentication the client asks the server to open a session</td>
</tr>
<tr>
<td>Interactive session</td>
<td>Once the session request is accepted, the client and server exchange data</td>
</tr>
</tbody></table>
</li>
</li>
<li><p>1: <strong>Version negotiation phase</strong> (client: SSH-2.0-JSCH_FinalShell_214, server: SSH-2.0-OpenSSH_8.0)</p>
<ol>
<li><p>Once sshd is started it listens on port 22 by default; the client opens a TCP connection to it</p>
</li>
<li><p>After the TCP connection is up, each side sends its identification string (the server's is usually seen first)</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"># SSH-&lt;protocol major&gt;.&lt;protocol minor&gt;-&lt;software version&gt;</span><br><span class="line"># e.g. SSH-2.0-JSCH_FinalShell_214</span><br></pre></td></tr></table></figure>
</li>
<li><p>The client compares the received version with the versions it supports; if it supports that version it replies with its own identification string</p>
</li>
<li><p>If the server accepts that version too, both sides move on to key and algorithm negotiation; otherwise the server closes the TCP connection</p>
</li>
</ol>
</li>
<li><p><strong>Note: these identification strings travel in the clear.</strong> Anyone on the path can read the software versions, which is exactly what port scanners use to fingerprint SSH servers.</p>
</li>
<li><p>2: <strong>Key and algorithm negotiation phase</strong>:</p>
<ul>
<li><p>Algorithm negotiation (client: Key Exchange Init, server: Key Exchange Init)</p>
<ol>
<li><p>Each side sends a KEXINIT packet listing the algorithms it supports, in its order of preference.</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"># Lists carried: key exchange algorithms, host key (public key) algorithms, encryption algorithms, MAC (message authentication code) algorithms, compression algorithms</span><br></pre></td></tr></table></figure>
</li>
<li><p>For each category the chosen algorithm is the first entry in the client's list that the server also supports; if there is no common algorithm the connection is aborted.</p>
</li>
</ol>
</li>
<li><p>Deriving the session key with Diffie-Hellman (client: Diffie-Hellman Key Exchange Init, server: Diffie-Hellman Key Exchange Reply, New Keys, client: New Keys)</p>
<ol>
<li><p>The client generates a Diffie-Hellman value and sends it to the server</p>
</li>
<li><p>The server replies with its host public key, its own Diffie-Hellman value and a signature, made with its host private key, over the exchange hash H. The H of the first key exchange becomes the session ID</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"># Host key pair files: /etc/ssh/ssh_host*</span><br><span class="line">Session ID: the exchange hash of the first key exchange. It identifies this connection and is part of what the client signs during public-key authentication, so an authentication cannot be replayed on another connection</span><br></pre></td></tr></table></figure>
</li>
<li><p>Both sides now compute the same shared secret K from the two Diffie-Hellman values; K itself is never sent over the network. The session keys (encryption and MAC keys for each direction) are derived from K and H. The client verifies the server's signature with the host public key, which proves that the server holds the matching private key</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"># On the first connection to a server the client records the server's host public key in ~/.ssh/known_hosts</span><br><span class="line"># On later connections the received key is compared with that record; a mismatch triggers the "REMOTE HOST IDENTIFICATION HAS CHANGED" warning and should be treated as a possible man-in-the-middle until explained</span><br><span class="line">Session key: once the connection is established, the data is encrypted with a symmetric cipher; the key used for that is the session key</span><br></pre></td></tr></table></figure></li>
</ol>
</li>
</ul>
</li>
<li><p>3: <strong>Authentication phase</strong></p>
<ul>
<li><p><strong>Password authentication</strong>:</p>
<ol>
<li>The client sends a password authentication request carrying the user name and password. They travel inside the already-encrypted channel, protected by the session key from the previous phase (they are not encrypted separately with the server's public key)</li>
<li>The server decrypts the channel, obtains the user name and password and checks them against the credentials stored on the machine (on Linux, /etc/shadow via PAM)</li>
<li>It then returns an authentication success or failure message. Because anyone can attempt this from anywhere, password authentication is the target of brute-force guessing; MaxAuthTries and, better, disabling it in favour of keys limit the exposure</li>
</ol>
</li>
<li><p><strong>Public-key authentication (publickey)</strong>:</p>
<ol>
<li>Beforehand, the client's public key is placed (<strong>manually</strong>, or with ssh-copy-id) in the <code>.ssh/authorized_keys</code> file in the home directory of the target account on the server</li>
<li>The client tells the server which public key it wants to authenticate with. The server looks for that key in the account's authorized_keys</li>
<li>If it is found, the server tells the client that the key is acceptable and asks for proof of possession of the private key</li>
<li>The client signs a message containing the session ID and the authentication request with its private key and sends the signature to the server</li>
<li>The server verifies the signature with the public key from authorized_keys. If it verifies, authentication succeeds, otherwise it fails. Since the session ID is part of the signed data, a captured signature is useless on any other connection</li>
</ol>
</li>
</ul>
</li>
</ul>
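<p>The version exchange, algorithm negotiation, Diffie-Hellman key exchange and host-key check described above, as an added example that is not code from the tutorial or from OpenSSH. It models the three connection-setup phases on both sides: the RFC 4253 identification-string format, the negotiation rule (first algorithm in the client's list that the server also offers), the two sides arriving at the same secret K and exchange hash H (the session ID), and the client's known_hosts decision. The Diffie-Hellman group is a tiny toy modulus and the "host key" is a placeholder byte string standing in for a real key: both are assumptions for illustration only and provide no security.</p>

```python
"""Added example (not the tutorial's or OpenSSH's code): a model of SSH-2 connection setup."""
import base64
import hashlib
import secrets


def make_version_line(software, comment=None):
    """RFC 4253: 'SSH-protoversion-softwareversion [SP comments]' terminated by CR LF."""
    line = "SSH-2.0-" + software
    if comment:
        line += " " + comment
    return line + "\r\n"


def parse_version_line(line):
    """Return (protoversion, softwareversion); raise if the peer cannot speak SSH-2."""
    body = line.rstrip("\r\n")
    if not body.startswith("SSH-"):
        raise ValueError("not an SSH identification string")
    proto, _, rest = body[4:].partition("-")
    software = rest.split(" ", 1)[0]
    if proto not in ("2.0", "1.99"):  # 1.99 = legacy servers that also accept SSH-2
        raise ValueError("unsupported protocol version " + proto)
    return proto, software


def negotiate(client_list, server_list):
    """KEXINIT rule: the first algorithm preferred by the client that the server supports."""
    for alg in client_list:
        if alg in server_list:
            return alg
    raise ValueError("no common algorithm")


# Toy Diffie-Hellman group (assumption for the example; real SSH uses 2048-bit+ groups or ECDH).
P, G = 2147483647, 5


def dh_keypair():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def exchange_hash(v_c, v_s, host_key, e, f, k):
    """H = HASH(V_C || V_S || ... || K_S || e || f || K); the first H becomes the session ID."""
    h = hashlib.sha256()
    for part in (v_c.encode(), v_s.encode(), host_key,
                 str(e).encode(), str(f).encode(), str(k).encode()):
        h.update(part)
    return h.digest()


def fingerprint(host_key):
    """OpenSSH-style display: SHA256 of the key, base64 without padding."""
    digest = hashlib.sha256(host_key).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_known_host(known_hosts, host, host_key):
    """Trust on first use: unknown host -> record it; known host -> key must match exactly."""
    if host not in known_hosts:
        known_hosts[host] = host_key
        return "new"
    return "ok" if known_hosts[host] == host_key else "MISMATCH"


def handshake(client_kex, server_kex, known_hosts, host, server_host_key):
    """Run both sides of the setup and return what the client learned."""
    v_c = make_version_line("ExampleClient_1.0")
    v_s = make_version_line("OpenSSH_8.0")
    parse_version_line(v_s)  # client checks the server string, server checks the client's
    parse_version_line(v_c)
    kex = negotiate(client_kex, server_kex)
    x, e = dh_keypair()  # client share
    y, f = dh_keypair()  # server share
    k_client, k_server = pow(f, x, P), pow(e, y, P)  # identical K, never on the wire
    assert k_client == k_server
    session_id = exchange_hash(v_c, v_s, server_host_key, e, f, k_client)
    # In real SSH the server signs H with its host key and the client verifies that
    # signature; whether to trust the key at all is the known_hosts decision modelled here.
    verdict = check_known_host(known_hosts, host, server_host_key)
    return {"kex": kex, "session_id": session_id, "host_check": verdict,
            "fingerprint": fingerprint(server_host_key)}
```

A "MISMATCH" verdict is the situation behind OpenSSH's host-identification-changed warning: either the server's host key was legitimately regenerated, or someone is sitting between you and the server. Verify the fingerprint out of band before removing the old known_hosts entry.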
<h3 id="3-ssh远程连接服务："><a href="#3-ssh远程连接服务：" class="headerlink" title="3.ssh远程连接服务："></a>3. The SSH remote login service:</h3><ul>
<li><p>Install the SSH server:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">yum -y install openssh-server</span><br><span class="line">yum list | grep openssh</span><br></pre></td></tr></table></figure>
</li>
<li><p>Configuration files under /etc/ssh</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line">[root@manage .ssh]# tree /etc/ssh/</span><br><span class="line">/etc/ssh/</span><br><span class="line">├── moduli : prime moduli used by the diffie-hellman-group-exchange key exchange methods</span><br><span class="line">├── ssh_config : client configuration file</span><br><span class="line">├── ssh_config.d : additional client configuration files</span><br><span class="line">│   └── 05-redhat.conf </span><br><span class="line">├── sshd_config : server configuration file</span><br><span class="line">├── ssh_host_ecdsa_key  private host key (mode 0600, readable by root only)</span><br><span class="line">├── ssh_host_ecdsa_key.pub public host key</span><br><span class="line">├── ssh_host_ed25519_key private host key</span><br><span class="line">├── ssh_host_ed25519_key.pub public host key</span><br><span class="line">├── ssh_host_rsa_key private host key</span><br><span class="line">└── ssh_host_rsa_key.pub public host key</span><br></pre></td></tr></table></figure>
</li>
<li><p>Edit the server configuration file:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/ssh/sshd_config</span><br></pre></td></tr></table></figure>
</li>
<li><p>Configuration file walkthrough (a leading <code>#</code> marks a commented-out line showing the compiled-in default; for every keyword the first active line wins):</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br></pre></td><td class="code"><pre><span class="line">#Port 22    # listening port, 22 by default (may be changed)</span><br><span class="line">#AddressFamily any     # address family to use: inet (IPv4), inet6 (IPv6) or any (both)</span><br><span class="line">#ListenAddress 0.0.0.0    # address to listen on; 0.0.0.0 means every local IPv4 address</span><br><span class="line">#ListenAddress ::     # likewise for every local IPv6 address</span><br><span class="line"># The default requires explicit activation of protocol 1  </span><br><span class="line">#Protocol 2            # use SSH protocol version 2 (version 1 is broken and has been removed from modern OpenSSH)</span><br><span class="line"># HostKey for protocol version 1    # SSH-1 supported only this single host key</span><br><span class="line">#HostKey /etc/ssh/ssh_host_key</span><br><span class="line"># HostKeys for protocol version 2   # SSH-2 host keys; the server proves its identity with these</span><br><span class="line">HostKey /etc/ssh/ssh_host_rsa_key       # RSA host key (default)</span><br><span class="line">#HostKey /etc/ssh/ssh_host_dsa_key      # DSA host key (obsolete, disabled by default)</span><br><span class="line">HostKey /etc/ssh/ssh_host_ecdsa_key     # ECDSA host key</span><br><span class="line">HostKey /etc/ssh/ssh_host_ed25519_key   # Ed25519 host key</span><br><span class="line">#ServerKeyBits 1024     # SSH-1 server key length (obsolete)</span><br><span class="line"># Logging</span><br><span class="line"># obsoletes QuietMode and FascistLogging</span><br><span class="line">#SyslogFacility AUTH</span><br><span class="line">SyslogFacility AUTHPRIV    # every login attempt is logged through syslog; on RHEL-family systems it ends up in /var/log/secure</span><br><span class="line">#LogLevel INFO           # log verbosity</span><br><span class="line"># Authentication:</span><br><span class="line">#LoginGraceTime 2m      # grace period: if authentication has not completed after 2 minutes the connection is dropped</span><br><span class="line">#PermitRootLogin yes      # whether root may log in remotely; 'no' or 'prohibit-password' (keys only) is the hardened choice</span><br><span class="line">#StrictModes yes      # check ownership and permissions of the user's home, ~/.ssh and authorized_keys before accepting a key</span><br><span class="line">#MaxAuthTries 6     # maximum authentication attempts per connection; once half of them fail the failures are logged, and the connection is closed when the limit is reached</span><br><span class="line">#MaxSessions 10    # maximum number of open sessions per network connection</span><br><span class="line">AuthorizedKeysFile .ssh/authorized_keys  # for key-based authentication: where the public keys accepted for a user are stored</span><br><span class="line">PasswordAuthentication yes      # whether password authentication is allowed; set to no once keys are in place</span><br><span class="line">ChallengeResponseAuthentication no   # whether keyboard-interactive authentication is allowed (the third login method offered by clients such as Xshell)</span><br><span class="line">#UseDNS yes   # reverse-resolve the client's address; no makes logins faster</span><br><span class="line">Subsystem sftp /usr/libexec/openssh/sftp-server     # enables SFTP; if commented out, sftp connections are refused</span><br><span class="line">AllowUsers user1 user2    # login whitelist (not present by default, add it yourself): only the listed users may log in remotely, everyone else is refused</span><br></pre></td></tr></table></figure>
</li>
<li><p>Restart the service so the new configuration takes effect. Check the syntax first with the <code>-t</code> option of sshd and keep your current session open until a fresh login has succeeded, otherwise a typo can lock you out:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl restart sshd</span><br></pre></td></tr></table></figure></li>
</ul>
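<p>A practitioner reviewing sshd_config wants to know the effective value of each keyword, not what some later line says, because sshd takes the first active occurrence and ignores commented-out lines entirely. The following is an added example, not code from the tutorial or from OpenSSH: a small auditor that parses a constructed sshd_config with those rules, keeps Match blocks separate, and checks the settings discussed above against an assumed policy (no root login with a password, password authentication off, an AllowUsers/AllowGroups list present, protocol 1 absent, MaxAuthTries at most 6). The compiled-in defaults used for absent keywords are those of OpenSSH 8.x and are assumptions for the example.</p>

```python
"""Added example (not the tutorial's or OpenSSH's code): audit sshd_config with sshd's
first-match semantics against an assumed hardening policy."""
import shlex

# Constructed sample file. Note the commented-out line and the duplicate keywords.
SAMPLE_SSHD_CONFIG = """\
#Port 22
#PermitRootLogin yes
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
MaxAuthTries 6
Subsystem sftp /usr/libexec/openssh/sftp-server
Match User backup
    PasswordAuthentication yes
"""

# Compiled-in defaults for the keywords we check (OpenSSH 8.x; assumption for the example).
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes",
            "protocol": "2", "maxauthtries": "6", "pubkeyauthentication": "yes"}


def parse_sshd_config(text):
    """Return (global_settings, match_blocks). Keywords are case-insensitive, the first
    value of a keyword wins, and lines after 'Match' belong to that block until the next one."""
    global_cfg, matches, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or comment: no effect on the running configuration
        parts = shlex.split(line)
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            current = {"criteria": " ".join(args), "settings": {}}
            matches.append(current)
            continue
        target = current["settings"] if current else global_cfg
        target.setdefault(key, " ".join(args))  # first occurrence wins
    return global_cfg, matches


def effective(global_cfg, key):
    """Value sshd will use: the file's first active line, else the compiled-in default."""
    return global_cfg.get(key, DEFAULTS.get(key))


def audit(text):
    """Return the list of findings; an empty list means the file meets the assumed policy."""
    cfg, matches = parse_sshd_config(text)
    findings = []
    if effective(cfg, "permitrootlogin") == "yes":
        findings.append("PermitRootLogin yes: root can log in with a password; use no or prohibit-password")
    if effective(cfg, "passwordauthentication") == "yes":
        findings.append("PasswordAuthentication yes: exposed to password guessing; prefer keys")
    if "1" in effective(cfg, "protocol").split(","):
        findings.append("Protocol 1 enabled: SSH-1 is broken, use 2 only")
    if "allowusers" not in cfg and "allowgroups" not in cfg:
        findings.append("no AllowUsers/AllowGroups: every local account may attempt a login")
    if int(effective(cfg, "maxauthtries")) > 6:
        findings.append("MaxAuthTries above 6 gives attackers extra guesses per connection")
    for m in matches:
        if m["settings"].get("passwordauthentication") == "yes":
            findings.append("Match %s re-enables password authentication" % m["criteria"])
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD_CONFIG):
        print("-", finding)
```

Point it at a real file with <code>audit(open("/etc/ssh/sshd_config").read())</code>. On OpenSSH 8.2 and later remember that <code>Include /etc/ssh/sshd_config.d/*.conf</code> pulls in further files, which this example does not follow; <code>sshd -T</code> prints the fully resolved configuration if you want a cross-check.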
<h3 id="4-配置SSH密钥："><a href="#4-配置SSH密钥：" class="headerlink" title="4.配置SSH密钥："></a>4. Configuring SSH keys:</h3><ul>
<li><p>Create a key pair</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">ssh-keygen -t rsa -b [bits]           # ssh-keygen generates, manages and converts authentication keys; -t selects the key type, -b the key length in bits (3072 or more for RSA; -t ed25519 needs no -b)</span><br><span class="line"># RSA</span><br><span class="line"># Windows: C:\Users\&lt;user&gt;\.ssh\id_rsa private key file; Linux: ~/.ssh/id_rsa private key file</span><br><span class="line"># Windows: C:\Users\&lt;user&gt;\.ssh\id_rsa.pub public key file; Linux: ~/.ssh/id_rsa.pub public key file</span><br></pre></td></tr></table></figure>
</li>
<li><p>Copy the public key to the server. Note that copying straight onto authorized_keys with scp overwrites any keys already in that file; ssh-copy-id appends instead. Whichever way you install it, the file must be mode 0600 and ~/.ssh mode 0700, or StrictModes makes sshd ignore it:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">scp [local public key file] root@192.168.40.132:/root/.ssh/authorized_keys</span><br></pre></td></tr></table></figure>
</li>
<li><p>Log in to the remote host from the local machine (the first two forms use the default key in ~/.ssh; -i names the private key file explicitly)</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">ssh 192.168.40.132</span><br><span class="line">ssh root@192.168.40.132</span><br><span class="line">ssh   -i   /root/.ssh/id_rsa   root@172.24.8.128</span><br></pre></td></tr></table></figure></li>
</ul>
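<p>The scp step above has a sharp edge: it replaces the whole authorized_keys file, silently removing every key that was already there, and it leaves the permissions to chance. The following is an added example, not code from the tutorial or from OpenSSH, that installs a key the way ssh-copy-id does: append only when the key (type plus key material, ignoring the comment) is absent, then enforce the modes StrictModes requires. It works in a throwaway home directory; the key line is a constructed placeholder and not a real key.</p>

```python
"""Added example (not the tutorial's or OpenSSH's code): append a public key to
authorized_keys without clobbering existing keys, with StrictModes-compliant permissions."""
import os
import stat
import tempfile


def install_authorized_key(home_dir, pubkey_line):
    """Append pubkey_line to <home>/.ssh/authorized_keys unless already present.
    Returns True if the key was added, False if it was already there."""
    ssh_dir = os.path.join(home_dir, ".ssh")
    auth_file = os.path.join(ssh_dir, "authorized_keys")
    key = pubkey_line.strip()
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)  # StrictModes: no group/other access to ~/.ssh
    existing = []
    if os.path.exists(auth_file):
        with open(auth_file) as fh:
            existing = [l.strip() for l in fh if l.strip() and not l.startswith("#")]
    # Compare on key type + key material only; the trailing comment is free text.
    key_id = tuple(key.split()[:2])
    present = key_id in {tuple(e.split()[:2]) for e in existing}
    if not present:
        with open(auth_file, "a") as fh:
            fh.write(key + "\n")
    os.chmod(auth_file, 0o600)  # StrictModes: authorized_keys readable by the owner only
    return not present


def permissions_ok(home_dir):
    """What sshd checks under StrictModes yes: no group/other bits on ~/.ssh or authorized_keys."""
    for path in (os.path.join(home_dir, ".ssh"),
                 os.path.join(home_dir, ".ssh", "authorized_keys")):
        if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            return False
    return True


def demo():
    """Install the same key twice (second time with a different comment) in a temp home.
    Returns (first_added, second_added, permissions_ok, number_of_keys)."""
    home = tempfile.mkdtemp()
    key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterialOnlyForThisDemo user@client"
    first = install_authorized_key(home, key)
    second = install_authorized_key(home, key + "-renamed")  # same key, new comment
    with open(os.path.join(home, ".ssh", "authorized_keys")) as fh:
        count = sum(1 for line in fh if line.strip())
    return first, second, permissions_ok(home), count


if __name__ == "__main__":
    print(demo())
```

Run it against a real account with <code>install_authorized_key("/home/alice", open("id_ed25519.pub").read())</code> as root; the file keeps every key that was there before and ends up with the modes sshd insists on.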
<h3 id="5-sftp用法"><a href="#5-sftp用法" class="headerlink" title="5.sftp用法:"></a>5. Using sftp:</h3><ul>
<li><p>Connect to the remote server:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">sftp root@[IP address]</span><br></pre></td></tr></table></figure>
</li>
<li><p>Commands that act on the remote server: ls, mkdir, rmdir, pwd and so on</p>
</li>
<li><p>Commands that act on the local client: lcd, lls, lpwd and so on (the leading l means local)</p>
</li>
<li><p><strong>Upload</strong> a file from the local machine to the remote host; it is stored in the current remote directory</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">put [local file] </span><br></pre></td></tr></table></figure>
</li>
<li><p><strong>Download</strong> a file from the remote host; it is stored in the current local directory</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">get [remote file]</span><br></pre></td></tr></table></figure></li>
</ul>
<h2 id="4-第四章-Web服务器："><a href="#4-第四章-Web服务器：" class="headerlink" title="4.第四章-Web服务器："></a>4. Chapter 4: Web servers:</h2><h3 id="1-www简介："><a href="#1-www简介：" class="headerlink" title="1.www简介："></a>1. Introduction to the WWW:</h3><ul>
<li>What the WWW is:<ul>
<li>WWW stands for World Wide Web. What people usually mean by "going online" is using the WWW to look up the information they need. The WWW combines text, graphics, images and sound, and through clickable hyperlinks it carries information over the Internet to every corner of the world.</li>
<li>As with other servers, when you connect to a WWW site it provides data, and your client needs software that can interpret that data: the browser. The rest of this section describes the connection between the WWW server and the client browser</li>
</ul>
</li>
<li>The protocol the WWW uses:<ul>
<li>HTTP, the HyperText Transfer Protocol, is the most widely used protocol on the Internet; every WWW document is served according to this standard.</li>
<li>It is a stateless protocol built on top of TCP. The basic flow is: the client sends an HTTP request naming the resource it wants and the action to perform; the server receives the request, processes it, acts on the server-side resources accordingly and returns the result in an HTTP response. The span from the start of a request to the end of its response is called a transaction, and when a transaction finishes the server adds one entry to its log</li>
</ul>
</li>
<li>Web server:<ul>
<li>Also called a website server: a program residing on some computer on the Internet that serves documents to web clients such as browsers. It can host website files for the world to browse and data files for the world to download</li>
<li>The three most widely used web servers today are Apache, Microsoft's Internet Information Services (IIS) and nginx</li>
</ul>
</li>
<li>The main data served:<ul>
<li>The principal content a web server provides is HyperText Markup Language (HTML) and multimedia files (pictures, video, sound, text and so on, collectively called multimedia or hypermedia)</li>
<li>HTML is plain text; it uses so-called tags to describe how the data should be displayed</li>
</ul>
</li>
<li>Browser:<ul>
<li>After the client receives the server's data it needs software to interpret it and render the result on the user's screen.</li>
<li>Well-known browsers include Internet Explorer, which was built into Windows, Firefox, and Google's Chrome</li>
</ul>
</li>
</ul>
<h3 id="2-网址及HTTP简介："><a href="#2-网址及HTTP简介：" class="headerlink" title="2.网址及HTTP简介："></a>2. Web addresses and HTTP:</h3><ul>
<li><p>Most of what a web server provides is files, so the files have to be written first and placed in a particular directory on the server, the document root of the whole site. On Red Hat systems this directory is /var/www/html by default. The browser fetches data from it according to the address you type in the address bar</p>
</li>
<li><p><strong>URL</strong>: Uniform Resource Locator, the WWW's way of locating a resource, i.e. a <strong>network address</strong>. A URL is one concrete form of a URI.</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">www.qv123.top/index.html</span><br></pre></td></tr></table></figure>
</li>
<li><p><strong>URI</strong>: <strong>Uniform Resource Identifier</strong>, which identifies any resource available on the web, such as an HTML document, image, video clip or program; URLs are a subset of URIs</p>
</li>
<li><p>URI format: <strong>[scheme] : // [user] : [password] @ [host] : [port] / [path] ? [query string] # [fragment ID]</strong>. Putting a password in a URL is a bad habit: it ends up in shell history, browser history and server logs.</p>
<ul>
<li>Schemes commonly supported by browsers: http, https, ftp and so on</li>
<li>Port numbers: 80 for http, 443 for https (assigned by IANA, the Internet Assigned Numbers Authority)<ul>
<li>0-1023: well-known ports, permanently assigned to fixed applications; these are privileged ports, which only the administrator may bind a listening process to</li>
<li>1024-49151: registered ports, assigned less strictly to applications that register them, e.g. 3306/TCP for MySQL</li>
<li>49152-65535: dynamic or private ports, used by client programs for their ephemeral source ports</li>
</ul>
</li>
</ul>
</li>
<li><p><strong>HTTP request methods</strong>: every HTTP request message carries a method telling the web server which action to perform, such as fetching a given web page, submitting content to the server or deleting a resource on the server</p>
</li>
<li><p><strong>Status codes</strong>: three digits; the first digit defines the class of the response and has five possible values</p>
<ul>
<li>1xx: informational: the request was received, processing continues</li>
<li>2xx: success: the request was received, understood and accepted</li>
<li>3xx: redirection: further action is needed to complete the request</li>
<li>4xx: client error: the request is malformed or cannot be fulfilled</li>
<li>5xx: server error: the server failed to fulfil a valid request</li>
</ul>
</li>
<li><p>Common status codes and their meaning:</p>
<ul>
<li>200 OK: the client's request succeeded</li>
<li>400 Bad Request: the request is malformed and cannot be understood by the server</li>
<li>401 Unauthorized: the request lacks valid credentials; this status must be accompanied by a WWW-Authenticate header</li>
<li>403 Forbidden: the server understood the request but refuses to serve it</li>
<li>404 Not Found: the requested resource does not exist, for example because of a mistyped URL</li>
<li>500 Internal Server Error: an unexpected error occurred on the server</li>
<li>503 Service Unavailable: the server cannot handle the request at the moment and may recover after a while</li>
</ul>
</li>
<li><p><strong>HTTP messages</strong>: an HTTP message consists of many lines whose fields are ASCII strings of varying length. There are two kinds: the request message, sent from the web client to the web server, and the response message, sent from the web server back to the client</p>
</li>
<li><p><strong>HTTP request and response messages</strong>:</p>
<ul>
<li><p>A request message consists of a request line, the request headers, a blank line and the request body</p>
</li>
<li><p>A response message consists of a status line, the response headers, a blank line and the response body</p>
</li>
<li><p>MIME (Multipurpose Internet Mail Extensions) was originally devised to solve the problems of moving messages between different e-mail systems. HTTP later adopted it to describe data and label the different kinds of content</p>
</li>
<li><p>When a web server answers an HTTP request it attaches a MIME type to every object it returns. When the browser receives the object it looks at the MIME type and handles the object accordingly</p>
</li>
<li><p>The MIME type is carried in the response headers as a text label made of a primary type and a specific subtype. Common MIME types:</p>
<table>
<thead>
<tr>
<th>MIME type</th>
<th>File type</th>
</tr>
</thead>
<tbody><tr>
<td>text/html</td>
<td>html, htm, shtml text</td>
</tr>
<tr>
<td>text/css</td>
<td>css text</td>
</tr>
<tr>
<td>text/xml</td>
<td>xml text</td>
</tr>
<tr>
<td>image/gif</td>
<td>gif image</td>
</tr>
<tr>
<td>image/jpeg</td>
<td>jpeg, jpg image</td>
</tr>
<tr>
<td>application/javascript</td>
<td>js text</td>
</tr>
<tr>
<td>text/plain</td>
<td>txt text</td>
</tr>
<tr>
<td>application/json</td>
<td>json text</td>
</tr>
<tr>
<td>video/mp4</td>
<td>mp4 video</td>
</tr>
<tr>
<td>video/quicktime</td>
<td>mov video</td>
</tr>
<tr>
<td>video/x-flv</td>
<td>flv video</td>
</tr>
<tr>
<td>video/x-ms-wmv</td>
<td>wmv video</td>
</tr>
<tr>
<td>video/x-msvideo</td>
<td>avi video</td>
</tr>
</tbody></table>
</li>
</ul>
</li>
</ul>
<h3 id="3-HTTP协议请求的工作流程"><a href="#3-HTTP协议请求的工作流程" class="headerlink" title="3.HTTP协议请求的工作流程:"></a>3. How an HTTP request is processed:</h3><ol>
<li>The user types the address <a target="_blank" rel="noopener" href="http://www.ceshi.com/index.html">http://www.ceshi.com:80/index.html</a> into the browser's address bar</li>
<li>The browser asks a DNS server to resolve the name www.ceshi.com to the web server's IP address</li>
<li>The browser extracts the port number (80 by default) from the URL</li>
<li>The browser opens a TCP connection to the web server using the resolved IP address and port</li>
<li>Over the TCP connection the browser sends an HTTP request message to the web server</li>
<li>The web server reads the browser's request, handles it and returns an HTTP response message</li>
<li>The web server closes the HTTP exchange and the TCP connection (with HTTP/1.1 keep-alive the connection may instead be reused for further requests), and the browser renders the content on screen</li>
</ol>
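<p>The seven steps above, the status-code classes and the MIME table can all be exercised without a network. The following is an added example, not code from the tutorial or from any web server: it builds the raw HTTP/1.1 request that step 5 sends for the URL in step 1 (deriving host, port and path as steps 2 to 4 describe), parses a constructed raw response into status line, headers, blank line and body, classifies the status code by its first digit, and maps a filename to the Content-Type a server would attach using the table above. The response bytes are constructed for the example.</p>

```python
"""Added example (not the tutorial's code): build an HTTP request and parse a raw response."""
import os
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}
# The MIME table from the section above, keyed by file extension.
MIME_BY_EXT = {".html": "text/html", ".htm": "text/html", ".shtml": "text/html",
               ".css": "text/css", ".xml": "text/xml", ".gif": "image/gif",
               ".jpg": "image/jpeg", ".jpeg": "image/jpeg", ".js": "application/javascript",
               ".txt": "text/plain", ".json": "application/json", ".mp4": "video/mp4",
               ".mov": "video/quicktime", ".flv": "video/x-flv", ".wmv": "video/x-ms-wmv",
               ".avi": "video/x-msvideo"}
STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirection",
                  4: "client error", 5: "server error"}


def build_request(url, method="GET"):
    """Steps 1-5: split the URL, derive host/port/path, emit the request bytes.
    Returns (hostname, port, request_bytes)."""
    u = urlsplit(url)
    port = u.port or DEFAULT_PORTS[u.scheme]
    path = (u.path or "/") + ("?" + u.query if u.query else "")
    request = "%s %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n" % (method, path, u.hostname)
    return u.hostname, port, request.encode("ascii")


def parse_response(raw):
    """Status line, headers, blank line, body. Header names are case-insensitive, so they
    are lower-cased; the body is cut at Content-Length when the server sends one."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response: no blank line after the headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    version, code, reason = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", len(body)))
    return {"version": version, "status": int(code), "reason": reason,
            "class": STATUS_CLASSES.get(int(code) // 100, "unknown"),
            "headers": headers, "body": body[:length]}


def content_type_for(filename):
    """Content-Type a server would send for this file, per the MIME table."""
    ext = os.path.splitext(filename)[1].lower()
    return MIME_BY_EXT.get(ext, "application/octet-stream")


# Constructed sample response, as the server in step 6 might answer.
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 28\r\n"
                   b"Server: Apache/2.4\r\n\r\n<html><body>ok</body></html>")

if __name__ == "__main__":
    host, port, req = build_request("http://www.ceshi.com:80/index.html")
    print(host, port, req)
    print(parse_response(SAMPLE_RESPONSE))
```

To see the real exchange, open a socket to <code>(host, port)</code>, send <code>req</code> and feed everything received until the server closes the connection into <code>parse_response</code>; the <code>Server</code> header is one of the first things a reconnaissance scan records about a host.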
<h3 id="4-www服务器的类型"><a href="#4-www服务器的类型" class="headerlink" title="4.www服务器的类型:"></a>4. Types of WWW server:</h3><ul>
<li>Static sites that users only browse:<ul>
<li>The server <strong>simply sends data to the client in one direction</strong>; the server <strong>does not need to interact with the client</strong>. You can browse such a site, but you cannot upload data to it</li>
</ul>
</li>
<li>Dynamic sites with an interactive interface:<ul>
<li>These sites <strong>let the server interact with the user</strong>; message boards and blogs are typical examples. They need a "web programming language" to implement the interaction, for instance PHP working together with a database system that stores and retrieves the data. When you request data from such a server, a single server-side program reads from or writes to the database on your behalf: what changes is the database content, not the program itself</li>
<li>Another kind of dynamic page runs mostly on the client. The server sends executable code (JavaScript) to the client, and if the browser supports JavaScript the program runs on the client's own computer. Flash animations, which could also contain program logic, were the other client-side option; Flash has since been retired and current browsers no longer run it</li>
<li><strong>What a dynamic site needs</strong>:<ol>
<li>A supported operating system on which all the required software can be installed.</li>
<li>A working WWW server, for example Apache.</li>
<li>A web programming language: Perl (Practical Extraction and Report Language), PHP (Hypertext Preprocessor, a general-purpose open-source scripting language), JSP (Java Server Pages), CGI (Common Gateway Interface) or ASP (Active Server Pages).</li>
<li>A database system for storing the data: MySQL, MSSQL, Oracle and so on.</li>
</ol>
</li>
<li><strong>LAMP</strong> (Linux + Apache + MySQL + PHP)<ul>
<li>Apache provides the WWW server platform</li>
<li>MySQL: reading plain files is clumsy. If you only need a small part of a file, the system still has to read the whole file, and if several people read the same file at once this causes efficiency and consistency problems; database systems were created to solve this. A database is really a file in a special format that must be read and written through a special interface (the database software). Because that interface is optimised for querying and writing data, it suits many simultaneous readers and writers well</li>
<li>PHP: PHP is used to build dynamic web pages. PHP code can be embedded directly in HTML pages, making it as easy as editing an HTML page. PHP is a "programming language" written straight into the page and executed without a compilation step</li>
</ul>
</li>
</ul>
</li>
</ul>
<h3 id="5-www服务器的安装"><a href="#5-www服务器的安装" class="headerlink" title="5.www服务器的安装:"></a>5.www服务器的安装:</h3><ul>
<li><p>服务器端：在linux上面实现网页服务器需要Apache这套服务器软件，httpd提供Apache主程序 <a target="_blank" rel="noopener" href="http://httpd.apache.org/docs/2.4/">http://httpd.apache.org/docs/2.4/</a></p>
</li>
<li><p>安装软件：httpd</p>
<ul>
<li><p>卸载httpd：</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">rpm -ql httpd</span><br></pre></td></tr></table></figure>
</li>
<li><p>安装httpd：</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum install -y httpd </span><br></pre></td></tr></table></figure>
</li>
<li><p>查看httpd文件结构：</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">tree /etc/httpd</span><br></pre></td></tr></table></figure>

<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br></pre></td><td class="code"><pre><span class="line">├── conf           # main configuration files</span><br><span class="line">│   ├── httpd.conf            </span><br><span class="line">│   └── magic</span><br><span class="line">├── conf.d         # extra configuration files: only files with a .conf suffix are read</span><br><span class="line">│   ├── autoindex.conf        # extra parameter file</span><br><span class="line">│   ├── README                # extra parameter file</span><br><span class="line">│   ├── userdir.conf          # extra parameter file</span><br><span class="line">│   └── welcome.conf          # configuration of the default welcome page</span><br><span class="line">├── conf.modules.d # module configuration files; only files with a .conf suffix are read</span><br><span class="line">│   ├── 00-base.conf</span><br><span class="line">│   ├── 00-dav.conf</span><br><span class="line">│   ├── 00-lua.conf</span><br><span class="line">│   ├── 00-mpm.conf</span><br><span class="line">│   ├── 00-proxy.conf</span><br><span class="line">│   ├── 00-systemd.conf</span><br><span class="line">│   └── 01-cgi.conf</span><br><span class="line">├── logs -&gt; ../../var/log/httpd                    # logs: where the log files are stored</span><br><span class="line">├── modules -&gt; ../../usr/lib64/httpd/modules       # modules: path where the httpd modules live</span><br><span class="line">└── run -&gt; /run/httpd                              # run: runtime information</span><br><span class="line">└── state -&gt;                                       # state: state information</span><br></pre></td></tr></table></figure>
</li>
<li><p>If you do not want to modify the original configuration file httpd.conf, you can keep your own extra settings in a separate file, for example /etc/httpd/conf.d/zhuji.conf (note that the extension must be .conf); when Apache starts, that file is read into the main configuration.</p>
</li>
<li><p>The default home page directory is /var/www/html/; what is shown when the site address is entered is the home page file (index.html by default) in this directory.</p>
</li>
<li><p>The default directory for executable CGI (web) programs is /var/www/cgi-bin/; it holds what is served when the /cgi-bin/ path is requested.</p>
</li>
<li><p>The Apache log files are kept in /var/log/httpd/ by default; for a busy site a week of logs can reach about 1 GB.</p>
</li>
</ul>
</li>
</ul>
<h3 id="6-配置文件-："><a href="#6-配置文件-：" class="headerlink" title="6. Configuration files:"></a>6. Configuration files:</h3><ul>
<li><p>Edit the main configuration file:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/httpd/conf/httpd.conf</span><br></pre></td></tr></table></figure>
</li>
<li><p>File contents (the leading numbers are line positions in the stock httpd.conf):</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br><span class="line">84</span><br><span class="line">85</span><br><span class="line">86</span><br><span class="line">87</span><br><span class="line">88</span><br><span class="line">89</span><br><span class="line">90</span><br><span class="line">91</span><br><span class="line">92</span><br><span class="line">93</span><br><span class="line">94</span><br><span class="line">95</span><br><span class="line">96</span><br></pre></td><td class="code"><pre><span class="line">ServerRoot &quot;/etc/httpd&quot;                 # top-level directory of the httpd service is /etc/httpd</span><br><span class="line">42 Listen 80		# listen on port 80, the default port of a web server</span><br><span class="line">56 Include conf.modules.d/*.conf     # include every file matching /etc/httpd/conf.modules.d/*.conf</span><br><span class="line">66 User apache		# user the service runs as (ps -ef | grep httpd: /usr/sbin/httpd is first started as root). After startup the worker processes switch to this identity; starting as root and then dropping privileges improves system security</span><br><span class="line">67 Group apache</span><br><span class="line">86 ServerAdmin root@localhost		# your e-mail address; the server reports problems to it</span><br><span class="line">95 #ServerName www.example.com:80    # ServerName 0.0.0.0:80 matches any IP address, listening on port 80</span><br><span class="line"># Note: by default this need not be set; the server obtains its own name through name resolution. If resolution is broken (for example an incorrect reverse lookup) or there is no DNS name, the IP address can be given here; when this entry is wrong the server fails to start. The fix is to enable the entry and change www.example.com:80 to your own domain name, or simply to localhost</span><br><span class="line"> </span><br><span class="line">102 &lt;Directory /&gt;    # the root directory; &lt;&gt; opens a container and &lt;/&gt; closes it</span><br><span class="line"># AllowOverride: whether extra configuration files (.htaccess) may override settings</span><br><span class="line"># parameters:</span><br><span class="line"># None: nothing may be overridden; All: every setting may be overridden;</span><br><span class="line"># AuthConfig: only web authentication (username/password) may be overridden, i.e. directives related to authentication and authorisation; Indexes: only index-related settings may be overridden</span><br><span class="line">103     AllowOverride none 	</span><br><span class="line"># Require: sets client access permissions</span><br><span class="line"># parameters:</span><br><span class="line"># all denied: reject everyone; all granted: allow every source; expr expression: allow when the expression is true</span><br><span class="line"># ip [...]: allow specific IP ranges, several ranges separated by spaces; host splaybow.com: allow only hosts from the domain splaybow.com</span><br><span class="line">104     Require all denied 		</span><br><span class="line">105 &lt;/Directory&gt;        # paired with &lt;Directory /&gt;: the directory control container</span><br><span class="line"> </span><br><span class="line">119 DocumentRoot &quot;/var/www/html&quot;			# directory holding the web pages</span><br><span class="line"> </span><br><span class="line">124 &lt;Directory &quot;/var/www&quot;&gt;</span><br><span class="line">125     AllowOverride None</span><br><span class="line">126     # Allow open access:</span><br><span class="line">127     Require all granted</span><br><span class="line">128 &lt;/Directory&gt;</span><br><span class="line"> </span><br><span class="line">131 &lt;Directory &quot;/var/www/html&quot;&gt;</span><br><span class="line"># Options: set inside a Directory container, it also controls what the directory permits</span><br><span class="line"># parameters:</span><br><span class="line"># All: every feature except MultiViews, which is the default; ExecCGI: allow CGI scripts to be executed via mod_cgi</span><br><span class="line"># FollowSymLinks: the server may follow symbolic links in this directory; ignored inside a &lt;Location&gt; section</span><br><span class="line"># Includes: allow server-side includes provided by mod_include</span><br><span class="line"># IncludesNOEXEC: allow server-side includes but disable &quot;#exec cmd&quot; and &quot;#exec cgi&quot;; &quot;#include virtual&quot; of CGI scripts from ScriptAlias directories is still allowed</span><br><span class="line"># Indexes: when a URL mapping to a directory is requested and the directory has no DirectoryIndex (e.g. index.html), the server returns a formatted directory listing generated by mod_autoindex</span><br><span class="line"># MultiViews: allow content negotiation (&quot;MultiViews&quot;) provided by mod_negotiation</span><br><span class="line"># SymLinksIfOwnerMatch: the server follows a symbolic link only if the link and its target are owned by the same uid; ignored inside a &lt;Location&gt; section</span><br><span class="line">144     Options Indexes FollowSymLinks   # directory listings, follow symbolic links</span><br><span class="line">151     AllowOverride None</span><br><span class="line">156     Require all granted</span><br><span class="line">157 &lt;/Directory&gt;</span><br><span class="line"> </span><br><span class="line">163 &lt;IfModule dir_module&gt;		# directory module; IfModule applies the block only when the module is loaded</span><br><span class="line">164     DirectoryIndex index.html      # the home page file; if it is not found, the default page is shown</span><br><span class="line">165 &lt;/IfModule&gt;</span><br><span class="line"> </span><br><span class="line">171 &lt;Files &quot;.ht*&quot;&gt;		# files matching .ht* may not be accessed</span><br><span class="line">172     Require all denied</span><br><span class="line">173 &lt;/Files&gt;</span><br><span class="line">182 ErrorLog &quot;logs/error_log&quot;     # error log file</span><br><span class="line">189 LogLevel warn                 # log level</span><br><span class="line">191 &lt;IfModule log_config_module&gt;	</span><br><span class="line">	# log configuration module, logs under /var/log/httpd; each entry is recorded with a timestamp (see man date)</span><br><span class="line">196     LogFormat &quot;%h %l %u %t \&quot;%r\&quot; %&gt;s %b \&quot;%&#123;Referer&#125;i\&quot; \&quot;%&#123;User-Agent&#125;i\&quot;&quot; combined</span><br><span class="line">197     LogFormat &quot;%h %l %u %t \&quot;%r\&quot; %&gt;s %b&quot; common</span><br><span class="line">198 </span><br><span class="line">199     &lt;IfModule logio_module&gt;</span><br><span class="line">201       LogFormat &quot;%h %l %u %t \&quot;%r\&quot; %&gt;s %b \&quot;%&#123;Referer&#125;i\&quot; \&quot;%&#123;User-Agent&#125;i\&quot; %I %O&quot; combinedio</span><br><span class="line">202     &lt;/IfModule&gt;</span><br><span class="line">217     CustomLog &quot;logs/access_log&quot; combined</span><br><span class="line">218 &lt;/IfModule&gt;</span><br><span class="line"> </span><br><span class="line"> </span><br><span class="line">220 &lt;IfModule alias_module&gt;		# alias module</span><br><span class="line">        Redirect permanent /foo http://www.example.com/bar    # redirect</span><br><span class="line">        Alias /webpath /path          # resource alias: /webpath is the resource path in the URL, /path the absolute path on the server</span><br><span class="line">247     ScriptAlias /cgi-bin/ &quot;/var/www/cgi-bin/&quot;      # script alias</span><br><span class="line">248 </span><br><span class="line">249 &lt;/IfModule&gt;</span><br><span class="line"># CGI (Common Gateway Interface) is the specification for external programs run by a web server; programs written to it extend the server's functionality. A CGI application can interact with the browser and can also talk to external data sources such as a database server through a database API and fetch data from it</span><br><span class="line"> </span><br><span class="line">255 &lt;Directory &quot;/var/www/cgi-bin&quot;&gt;</span><br><span class="line">256     AllowOverride None</span><br><span class="line">257     Options None</span><br><span class="line">258     Require all granted</span><br><span class="line">259 &lt;/Directory&gt;</span><br><span class="line">261 &lt;IfModule mime_module&gt;    # Multipurpose Internet Mail Extensions module</span><br><span class="line">266     TypesConfig /etc/mime.types      # MIME type definitions file</span><br><span class="line">283     AddType application/x-compress .Z     # add a MIME type</span><br><span class="line">284     AddType application/x-gzip .gz .tgz</span><br><span class="line">305     AddType text/html .shtml</span><br><span class="line">306     AddOutputFilter INCLUDES .shtml      # add an output filter</span><br><span class="line">307 &lt;/IfModule&gt;</span><br><span class="line"></span><br><span class="line">ErrorDocument 500 &quot;The server made a boo boo.&quot;   # text shown when the response status is 500</span><br><span class="line">ErrorDocument 404 /missing.html          # page served when the response status is 404</span><br><span class="line"># MIME (Multipurpose Internet Mail Extensions) types specify which application opens files with a given extension; when such a file is accessed the browser automatically uses the specified application. Mostly used for client-defined file names and for how media files are opened.</span><br><span class="line">316 AddDefaultCharset UTF-8  # default character set</span><br><span class="line">318 &lt;IfModule mime_magic_module&gt;</span><br><span class="line">324     MIMEMagicFile conf/magic</span><br><span class="line">325 &lt;/IfModule&gt;</span><br><span class="line">348 EnableSendfile on</span><br><span class="line">353 IncludeOptional conf.d/*.conf</span><br></pre></td></tr></table></figure>
</li>
<li><p>Welcome page configuration file:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/httpd/conf.d/welcome.conf</span><br></pre></td></tr></table></figure>
</li>
<li><p>Configuration file contents:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line"># LocationMatch: path matching; ^ means "starts with", $ means "ends with", + means the preceding / is repeated one or more times</span><br><span class="line">&lt;LocationMatch &quot;^/+$&quot;&gt;     </span><br><span class="line">    Options -Indexes</span><br><span class="line">    ErrorDocument 403 /.noindex.html</span><br><span class="line">&lt;/LocationMatch&gt;</span><br><span class="line"></span><br><span class="line">&lt;Directory /usr/share/httpd/noindex&gt;</span><br><span class="line">    AllowOverride None</span><br><span class="line">    Require all granted</span><br><span class="line">&lt;/Directory&gt;</span><br><span class="line"></span><br><span class="line">Alias /.noindex.html /var/www/html/baidu.html</span><br><span class="line">Alias /poweredby.png /usr/share/httpd/icons/apache_pb3.png</span><br></pre></td></tr></table></figure></li>
</ul>
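<p>The directives above (Options Indexes, AllowOverride, Require on the root directory, and the SSLProtocol setting used later in this post) are the ones most often left in a risky state. The following is an added example, not part of the original post or of the httpd project: a small POSIX shell audit that walks an httpd-style configuration file and reports those settings. The sample configuration it writes is constructed for the demonstration; the file name <code>audit.sh</code> and the function names are assumptions.</p>

```shell
#!/bin/sh
# Added example (not from the page or the httpd project): audit an httpd
# configuration file for the risky settings discussed in section 6.
# The sample file below is constructed for the demonstration.

write_sample_conf() {   # $1 = path to write the constructed sample to
  cat > "$1" <<'EOF'
ServerRoot "/etc/httpd"
Listen 80
<Directory />
    AllowOverride None
    Require all granted
</Directory>
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
<Files ".ht*">
    Require all denied
</Files>
SSLProtocol all -SSLv3
EOF
}

# Print one WARN line per finding; empty output means nothing was flagged.
audit_httpd_conf() {    # $1 = configuration file
  awk '
    # remember which <Directory> container the current line belongs to
    /^[ \t]*<Directory[ \t]/ { dir = $2; gsub(/[">]/, "", dir); next }
    /^[ \t]*<.Directory>/    { dir = ""; next }

    # directory listings reveal file names that would otherwise stay unknown
    dir != "" && /^[ \t]*Options[ \t]/ && /Indexes/ && !/-Indexes/ {
        print "WARN " dir ": Options Indexes enables directory listings" }

    # .htaccess files inside the document tree can then change server policy
    dir != "" && /^[ \t]*AllowOverride[ \t]+All/ {
        print "WARN " dir ": AllowOverride All lets .htaccess override server settings" }

    # the stock file keeps Require all denied on / and opens only the document root
    dir == "/" && /^[ \t]*Require[ \t]+all[ \t]+granted/ {
        print "WARN /: Require all granted on the filesystem root; use Require all denied" }

    # "all -SSLv3" still permits TLS 1.0 and TLS 1.1
    /^[ \t]*SSLProtocol[ \t]/ && /all/ && !/-TLSv1/ {
        print "WARN SSLProtocol: TLS 1.0/1.1 still allowed; use -all +TLSv1.2 +TLSv1.3" }
  ' "$1"
}

# Number of findings, handy as a non-zero exit in a deployment check.
count_findings() {      # $1 = configuration file
  audit_httpd_conf "$1" | wc -l | tr -d ' '
}

# Usage: sh audit.sh run   (writes the sample, audits it, prints the findings)
if [ "${1:-}" = "run" ]; then
  tmp=$(mktemp)
  write_sample_conf "$tmp"
  audit_httpd_conf "$tmp"
  rm -f "$tmp"
fi
```

<p>On the constructed sample the audit reports four findings: the open root directory, the directory listing and <code>AllowOverride All</code> under <code>/var/www/html</code>, and the protocol line. Run it against a real <code>/etc/httpd/conf/httpd.conf</code> plus the files in <code>conf.d</code> to get the same report for a live server; the checks are line-based, so a directive split over several lines would need a pre-pass.</p>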
<h3 id="7-搭建基于http协议的静态网站："><a href="#7-搭建基于http协议的静态网站：" class="headerlink" title="7. Set up a static website over HTTP:"></a>7. Set up a static website over HTTP:</h3><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">echo hello world &gt; /var/www/html/index.html</span><br><span class="line">curl 192.168.126.140      # test</span><br></pre></td></tr></table></figure>
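<p>Every request made with <code>curl</code> against the site lands in <code>logs/access_log</code> in the <code>combined</code> format defined in section 6. The following is an added example, not part of the original post: a POSIX shell script that parses such lines and flags clients producing many 4xx responses, which is the simplest signal of path probing against a static site. The log lines are constructed for the demonstration; the function names are assumptions.</p>

```shell
#!/bin/sh
# Added example (not from the page): read access_log lines written with the
# "combined" LogFormat from section 6 and pick out clients that produce many
# 4xx responses. The log lines below are constructed for the demonstration.

sample_log() {
  cat <<'EOF'
192.168.73.20 - - [13/Mar/2023:20:01:02 +0800] "GET / HTTP/1.1" 200 12 "-" "curl/7.76.1"
192.168.73.20 - - [13/Mar/2023:20:01:05 +0800] "GET /index.html HTTP/1.1" 200 12 "-" "curl/7.76.1"
192.168.73.99 - - [13/Mar/2023:20:02:10 +0800] "GET /.htpasswd HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.168.73.99 - - [13/Mar/2023:20:02:11 +0800] "GET /admin HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.168.73.99 - - [13/Mar/2023:20:02:12 +0800] "GET /backup.zip HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.168.73.99 - - [13/Mar/2023:20:02:13 +0800] "GET /cgi-bin/test.cgi HTTP/1.1" 404 196 "-" "Mozilla/5.0"
EOF
}

# Field layout of a combined line when awk splits on whitespace:
#   $1 %h client  $2 %l  $3 %u  $4-$5 %t  $6-$8 "%r"  $9 %>s status  $10 %b bytes

# Number of 4xx responses sent to one client: $1 = client IP, log on stdin
errors_from() {
  awk -v ip="$1" '$1 == ip && $9 ~ /^4[0-9][0-9]$/ { n++ } END { print n + 0 }'
}

# Clients whose 4xx count reaches the threshold ($1): prints "ip count" lines
noisy_clients() {
  awk -v th="$1" '$9 ~ /^4[0-9][0-9]$/ { c[$1]++ }
                  END { for (ip in c) if (c[ip] >= th) print ip, c[ip] }'
}

# Status code breakdown for the whole log: prints "status count", sorted by status
status_summary() {
  awk '{ s[$9]++ } END { for (k in s) print k, s[k] }' | sort
}

# Usage: sh loghunt.sh run   (or: noisy_clients 20 < /var/log/httpd/access_log)
if [ "${1:-}" = "run" ]; then
  sample_log | status_summary
  sample_log | noisy_clients 3
fi
```

<p>The request line <code>"%r"</code> is quoted, so a request containing spaces still occupies exactly three fields and the status stays in field 9; a deliberately malformed request line can shift that, which is why production tooling parses the quotes rather than counting fields.</p>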

<h3 id="8-搭建两个不同IP地址的静态网站："><a href="#8-搭建两个不同IP地址的静态网站：" class="headerlink" title="8. Set up two static websites on different IP addresses:"></a>8. Set up two static websites on different IP addresses:</h3><ul>
<li><p>Add two IP addresses</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">nmcli c modify ens160 +ipv4.addresses 192.168.73.149/24</span><br><span class="line">nmcli connection up ens160      # re-activate the connection so the change takes effect</span><br></pre></td></tr></table></figure>
</li>
<li><p>Create two separate page directories to hold the HTML and other web content, and create a home page in each</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">mkdir /var/www/host</span><br><span class="line">echo this is host &gt; /var/www/host/index.html</span><br></pre></td></tr></table></figure>
</li>
<li><p>Add a virtual host configuration file in the conf.d directory:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/httpd/conf.d/host.conf</span><br><span class="line"># format as follows</span><br><span class="line">&lt;Directory &quot;/var/www/host3&quot;&gt;</span><br><span class="line">    AllowOverride None</span><br><span class="line">    require all granted</span><br><span class="line">&lt;/Directory&gt;</span><br><span class="line"></span><br><span class="line">&lt;VirtualHost 192.168.73.148:80&gt;</span><br><span class="line">    DocumentRoot  &quot;/var/www/host3&quot;</span><br><span class="line">&lt;/VirtualHost&gt;</span><br></pre></td></tr></table></figure>
</li>
<li><p>Restart the httpd service</p>
</li>
</ul>
<h3 id="9-搭建两个不同端口号的静态网站："><a href="#9-搭建两个不同端口号的静态网站：" class="headerlink" title="9. Set up two static websites on different ports:"></a>9. Set up two static websites on different ports:</h3><ul>
<li><p>After completing the different-IP website configuration</p>
</li>
<li><p>Check which ports are in use:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ss -tnl</span><br></pre></td></tr></table></figure>
</li>
<li><p>Edit the virtual host configuration file:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/httpd/conf.d/host.conf</span><br></pre></td></tr></table></figure>
</li>
<li><p>Add the new listening port:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line"># format 1</span><br><span class="line">Listen 1000   # listen on a port only (all addresses)</span><br><span class="line"></span><br><span class="line">&lt;VirtualHost 192.168.73.148:1000&gt;</span><br><span class="line">    DocumentRoot &quot;/var/www/host3&quot;</span><br><span class="line">&lt;/VirtualHost&gt;</span><br><span class="line"># format 2</span><br><span class="line">Listen 192.168.73.148:1000     # listen on IP address + port</span><br><span class="line"></span><br><span class="line">&lt;VirtualHost 192.168.73.148:1000&gt;</span><br><span class="line">    DocumentRoot &quot;/var/www/host3&quot;</span><br><span class="line">&lt;/VirtualHost&gt;</span><br></pre></td></tr></table></figure></li>
</ul>
<h3 id="10-搭建两个基于域名访问的网站："><a href="#10-搭建两个基于域名访问的网站：" class="headerlink" title="10. Set up two websites accessed by domain name:"></a>10. Set up two websites accessed by domain name:</h3><ul>
<li><p><strong>Name resolution</strong>: how the browser finds the IP address (the server address) for the domain name in a URL</p>
<ul>
<li><p>Browser cache: the browser caches DNS records for a certain period</p>
</li>
<li><p>Operating system cache: if the record is not in the browser cache, the operating system's hosts file is consulted (a port number added there has no effect)</p>
<ul>
<li>hosts file path on Windows: C:\Windows\System32\drivers\etc\hosts</li>
<li>hosts file path on Linux: /etc/hosts</li>
</ul>
</li>
<li><p>Router cache: routers also keep a DNS cache</p>
</li>
</ul>
</li>
<li><p>Configuration:</p>
<ol>
<li><p>After completing the different-IP website configuration</p>
</li>
<li><p>Edit the virtual host configuration file:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/httpd/conf.d/host.conf</span><br><span class="line"># format as follows</span><br><span class="line">&lt;VirtualHost 192.168.73.148:80&gt;</span><br><span class="line">    DocumentRoot  &quot;/var/www/host3&quot;</span><br><span class="line">    ServerName www.qv147.com      # domain name</span><br><span class="line">&lt;/VirtualHost&gt;</span><br></pre></td></tr></table></figure>
</li>
<li><p>Add the domain name to the client's hosts file:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line"># open C:\Windows\System32\drivers\etc\ in PowerShell</span><br><span class="line"># open the file with: notepad hosts</span><br><span class="line"># contents</span><br><span class="line">127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4</span><br><span class="line">::1         localhost localhost.localdomain localhost6 localhost6.localdomain6</span><br><span class="line"></span><br><span class="line">192.168.73.148   www.qv147.com</span><br></pre></td></tr></table></figure></li>
</ol>
</li>
</ul>
<h3 id="11-搭建基于https协议的静态网站："><a href="#11-搭建基于https协议的静态网站：" class="headerlink" title="11. Set up a static website over HTTPS:"></a>11. Set up a static website over <strong>HTTPS</strong>:</h3><ul>
<li><p><strong>HTTP, the Hypertext Transfer Protocol</strong>, is used to carry information between a web browser and a web server.</p>
</li>
<li><p>HTTP sends content in plaintext and provides no data encryption of any kind; anyone who intercepts the traffic between the browser and the server can read it directly. HTTP is therefore unsuitable for sensitive information such as credit card numbers and passwords. To address this shortcoming of HTTP</p>
</li>
<li><p>another protocol is needed: HTTPS, Hypertext Transfer Protocol over Secure Sockets Layer</p>
</li>
<li><p><strong>HTTPS</strong> (Hyper Text Transfer Protocol over Secure Socket Layer, or Hypertext Transfer Protocol Secure, <strong>Hypertext Transfer Protocol Secure</strong>) is an HTTP channel designed with security as its goal. HTTPS is not a new protocol; it is <strong>HTTP + SSL (TLS)</strong>. Plain HTTP talks directly to TCP (assuming TCP as the transport layer); with SSL added, HTTP talks to SSL first and SSL then talks to TCP, so <strong>SSL sits between HTTP and TCP</strong></p>
</li>
<li><p><strong>SSL</strong> stands for "Secure Sockets Layer", the <strong>secure sockets layer</strong>. It was designed by Netscape in the mid-1990s. By 1999 SSL was in wide use and had become a de facto standard on the Internet, and the IETF standardised it. <strong>After standardisation SSL was renamed TLS</strong> (Transport Layer Security, the <strong>transport layer security protocol</strong>)</p>
</li>
<li><p>How TLS works:</p>
<ul>
<li><h3 id="阶段一："><a href="#阶段一：" class="headerlink" title="Phase one:"></a>Phase one:</h3><ul>
<li><p>The client sends a <strong>Client Hello</strong> message to the server as a greeting</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">- Random Bytes: client random random_c, used to derive the final key</span><br><span class="line">- Session ID: session identifier</span><br><span class="line">- Cipher Suites: offered cipher suites</span><br><span class="line">  - ECDHE_ECDSA: key exchange algorithm</span><br><span class="line">  - AES_128: symmetric encryption algorithm</span><br><span class="line">  - GCM_SHA256: hash algorithm</span><br></pre></td></tr></table></figure></li>
</ul>
</li>
<li><h3 id="阶段二：可以合并为一个报文"><a href="#阶段二：可以合并为一个报文" class="headerlink" title="Phase two: can be merged into a single message"></a>Phase two: can be merged into a single message</h3><ul>
<li><p>The server picks a suitable cipher suite and replies with a <strong>Server Hello</strong> message</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">- Random Bytes: server random random_s</span><br><span class="line">- Cipher Suites: the cipher suite chosen by the server</span><br></pre></td></tr></table></figure>
</li>
<li><p>The server sends a <strong>Certificate</strong> message containing its digital certificate (which carries the server's public key) so that its identity can be verified</p>
</li>
<li><p>The server sends a <strong>Server Key Exchange</strong> message containing a public key generated for the chosen cipher suite, used to negotiate the symmetric key</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">- EC Diffie-Hellman: server and browser derive the final key with the Diffie-Hellman algorithm</span><br><span class="line">- Pubkey: the server sends the client the random value Pubkey</span><br><span class="line"># the client now holds three random values and can run Diffie-Hellman to produce the Premaster secret (the final session key)</span><br></pre></td></tr></table></figure>
</li>
<li><p>The server sends a <strong>Server Hello Done</strong> message, indicating the end of its response</p>
</li>
</li>
</ul>
</li>
<li><h3 id="阶段三："><a href="#阶段三：" class="headerlink" title="Phase three:"></a>Phase three:</h3><ul>
<li>The client sends a <strong>Client Key Exchange</strong> message containing the public key it generated, used to negotiate the symmetric key</li>
<li>The client sends a <strong>Change Cipher Spec</strong> message, announcing that all further communication is AES-encrypted</li>
<li>The client sends a <strong>Finished</strong> message, indicating that it is done</li>
</ul>
</li>
<li><h3 id="阶段四："><a href="#阶段四：" class="headerlink" title="Phase four:"></a>Phase four:</h3><ul>
<li>The server sends a <strong>Change Cipher Spec</strong> message, announcing that all further communication is AES-encrypted</li>
<li>The server sends a <strong>Finished</strong> message, indicating that it is done</li>
</ul>
</li>
</ul>
</li>
<li><p>The SSL protocol has two layers:</p>
<ul>
<li>SSL Record Protocol: built on a reliable transport protocol (such as TCP), it provides higher-layer protocols with data encapsulation, compression, encryption and other basic services</li>
<li>SSL Handshake Protocol: <strong>built on top of the SSL Record Protocol</strong>, it lets the two parties authenticate each other, negotiate encryption algorithms and exchange keys before actual data transfer begins</li>
</ul>
</li>
<li><p>Services provided by SSL:</p>
<ol>
<li>Authenticating the user and the server, so that data is sent to the correct <a target="_blank" rel="noopener" href="https://baike.baidu.com/item/%E5%AE%A2%E6%88%B7%E6%9C%BA">client</a> and server</li>
<li>Encrypting data so that it cannot be stolen in transit</li>
<li>Maintaining data integrity, so that data is not altered during transmission</li>
</ol>
</li>
<li><p>Hash algorithms:</p>
<ul>
<li>A <strong>hash</strong> transforms an input of arbitrary length (also called the pre-image) into a fixed-length output via a hash algorithm; that output is the hash value.</li>
<li>What is special about a hash algorithm is that it is one-way: a user can produce a unique, fixed-length hash of the target information, but cannot recover the information from the hash.</li>
<li>Hash algorithms are therefore commonly used for irreversible password storage, integrity checking of information, and so on.</li>
<li>Common hash algorithms: MD2, MD4, MD5, HAVAL, SHA, SHA-1, HMAC, HMAC-MD5, HMAC-SHA1</li>
</ul>
</li>
<li><p>Symmetric encryption algorithms: DES, 3DES, DESX, Blowfish, IDEA, RC4, RC5, RC6 and AES</p>
</li>
<li><p>Common asymmetric encryption algorithms: RSA, ECC (used on mobile devices), Diffie-Hellman, El Gamal, DSA (used for digital signatures)</p>
</li>
<li><p>A CA is a recognised notary (certificate authority)</p>
<ul>
<li>You can generate a key yourself, produce the necessary certificate data and register it with a CA; when a client's browser connects, the browser actively asks the CA whether that certificate was legitimately registered</li>
<li>If it was, the connection is established; if not, the browser shows a warning telling the user to avoid connecting</li>
<li>So the web server not only holds a certificate from a notary, the user also has more assurance when connecting</li>
</ul>
</li>
<li><p><strong>X.509</strong>, the common certificate format, involves three files: key, csr, crt</p>
<ul>
<li>KEY: the <strong>private key</strong> file</li>
<li>CSR: the request the server submits to a third party to apply for a certificate</li>
<li><strong>CRT</strong>: the <strong>certificate signed</strong> by the certificate authority (CA), or a self-signed certificate made by the developer; it contains the holder's information, the holder's public key and the signer's signature, among other data</li>
</ul>
</li>
<li><p>.pem: certificate file</p>
</li>
<li><p>Certificate application and usage flow:</p>
<p>(figure: certificate application and usage flow; the image is not available in the published page)</p>
</li>
<li><p>mod_ssl is software based on the OpenSSL toolkit that provides cryptographic protection specifically for the Apache web server</p>
</li>
<li><p>Configuration:</p>
<ul>
<li><p>Install mod_ssl:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">yum install -y mod_ssl </span><br><span class="line"># this creates the configuration file ssl.conf under /etc/httpd/conf.d</span><br></pre></td></tr></table></figure>
</li>
<li><p>Set up the CA:</p>
<ul>
<li><p>The authority generates its private key: the ca.key file</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">openssl genrsa -out [authority-name.key] [key size in bits]    # written to the current directory</span><br><span class="line"># example: openssl genrsa -out ca.key 2048</span><br></pre></td></tr></table></figure>
</li>
<li><p>The authority generates its RSA public key: the ca.pub file</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">openssl rsa -in [authority-name.key] -pubout -out [authority-name.pub]    # written to the current directory</span><br><span class="line"># example: openssl rsa -in ca.key -pubout -out ca.pub</span><br></pre></td></tr></table></figure>
</li>
<li><p>Generate the CA's certificate: the ca.crt file</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">openssl req -new [certificate version] -days [validity in days] -key [authority private key] -out [authority certificate] </span><br><span class="line"># example: openssl req -new -x509 -days 36500 -key ca.key -out ca.crt</span><br><span class="line"># prompts: country, state/province, city, organisation name, organisational unit, common name, e-mail</span><br><span class="line"># parameters</span><br><span class="line">req: the certificate request subcommand</span><br><span class="line">-out: output certificate</span><br></pre></td></tr></table></figure></li>
</ul>
</li>
<li><p>Issue a certificate for the server:</p>
<ul>
<li><p>Generate the private key: the server.key file</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">openssl genrsa -out [service-name.key] [key size in bits]</span><br><span class="line"># example: openssl genrsa -out server.key 2048</span><br></pre></td></tr></table></figure>
</li>
<li><p>Generate the request file: the server.csr file</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">openssl req -new -key [service-name.key] -out [service-name.csr]</span><br><span class="line"># example: openssl req -new -key server.key -out server.csr</span><br></pre></td></tr></table></figure></li>
</ul>
</li>
<li><p>将申请文件提交给CA机构，让CA机构签发证书：</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">openssl [证书版本] -req -days [证书有效天数] -in [申请文件] -CA [机构证书] -CAkey [机构私钥] -CAcreateserial -out [签发后的证书]</span><br><span class="line"><span class="meta prompt_">#</span><span class="language-bash">例：openssl x509 -req -days 36500 -<span class="keyword">in</span> server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt</span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">参数：</span></span><br><span class="line">-req: 说明输入是一个证书申请文件</span><br><span class="line">-in:  指定申请文件</span><br><span class="line">-CA: 指定CA机构的证书</span><br><span class="line">-CAkey: 指定CA结构的私钥</span><br><span class="line">-CAcreateserial: CA创建序列号：唯一标识</span><br><span class="line">-out: 输出证书</span><br></pre></td></tr></table></figure>
</li>
<li><p>创建虚拟主机目录，添加内容到index.html</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">echo this is https website &gt; /var/www/host4/index.html</span><br></pre></td></tr></table></figure>
</li>
<li><p>创建一个配置文件myssl文件，修改ssl配置文件内容：</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/httpd/conf.d/myssl.conf</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">内容：</span></span><br><span class="line">&lt;VirtualHost _default_:443&gt;</span><br><span class="line">    SSLEngine on                                         # 此虚拟机启动还是禁止</span><br><span class="line">    SSLProtocol all -SSLv3                               # ssl协议的版本</span><br><span class="line">    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA   # 密码套件，列出允许客户端协商的密码</span><br><span class="line">    SSLCipherSuite PROFILE=SYSTEM                        # 密码套件</span><br><span class="line">    SSLCertificateFile /root/ssl/server.crt          # 指定服务器的证书路径</span><br><span class="line">    SSLCertificateKeyFile /root/ssl/server.key       # 指定服务器的密钥文件路径</span><br><span class="line">    DocumentRoot &quot;/var/www/host4&quot;</span><br><span class="line">    ServerName 192.168.73.150</span><br><span class="line">&lt;/VirtualHost&gt;</span><br></pre></td></tr></table></figure>
</li>
<li><p>Restart the service:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl restart httpd</span><br></pre></td></tr></table></figure>
</li>
<li><p>Add the following line to the host machine's hosts file C:\Windows\System32\drivers\etc\hosts</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">192.168.73.150 www.qv369.com</span><br></pre></td></tr></table></figure></li>
</ul>
</li>
</ul>
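<p>The CA, CSR and signing steps of this section carried through end to end, as an added shell example (not code from the original post): it builds a throwaway CA in a temporary directory, signs a server CSR with the same <code>openssl x509 -req ... -CAcreateserial</code> command shown above, and then runs the two checks worth doing before the files go into the Apache virtual host: that the certificate chains to the CA, and that SSLCertificateFile and SSLCertificateKeyFile actually belong together. The CA name <code>demo-ca</code> is a made-up assumption; <code>www.qv369.com</code> is the host name used on this page.</p>

```shell
#!/bin/sh
# Added example, not from the original post: build a demo CA, sign a server
# certificate with it, and verify the result. "demo-ca" is a constructed name.
set -eu

make_demo_pki() {
    dir=$1
    mkdir -p "$dir"
    # 1. CA private key and self-signed CA certificate (-subj avoids the interactive prompts)
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$dir/ca.key" -days 3650 \
        -subj "/CN=demo-ca" -out "$dir/ca.crt" 2>/dev/null
    # 2. Server private key and certificate signing request
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    openssl req -new -key "$dir/server.key" \
        -subj "/CN=www.qv369.com" -out "$dir/server.csr" 2>/dev/null
    # 3. Sign the CSR with the CA (same command as in the post); -CAcreateserial
    #    writes ca.srl next to ca.crt on first use and reuses it afterwards
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.crt" 2>/dev/null
}

# Check 1: the signed certificate must chain to the CA (prints ok / fail)
verify_chain() {
    if openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1; then
        echo ok
    else
        echo fail
    fi
}

# Check 2: certificate and private key must belong together; comparing the RSA
# modulus of both catches a key/cert mix-up before httpd refuses to start
key_matches_cert() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1/server.crt")
    key_mod=$(openssl rsa -noout -modulus -in "$1/server.key" 2>/dev/null)
    if [ "$cert_mod" = "$key_mod" ]; then echo match; else echo mismatch; fi
}

# Stand-alone run: sh this-file.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    make_demo_pki "$d"
    echo "chain: $(verify_chain "$d")  key/cert: $(key_matches_cert "$d")"
    rm -rf "$d"
fi
```

<p>On a real host the two checks are the same commands pointed at /root/ssl/server.crt and /root/ssl/server.key; a mismatch there is the most common reason httpd fails after the restart step below.</p>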
<h3 id="12-搭建基于虚拟目录和用户控制的网站："><a href="#12-搭建基于虚拟目录和用户控制的网站：" class="headerlink" title="12.搭建基于虚拟目录和用户控制的网站："></a>12. Building a site with a virtual directory and user access control:</h3><ul>
<li><p>Setting up a virtual directory:</p>
<ul>
<li><p>Create the virtual host document directory and write index.html</p>
</li>
<li><p>Edit the virtual host configuration file:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/httpd/conf.d/host.conf</span><br><span class="line"># contents</span><br><span class="line">&lt;VirtualHost 192.168.73.101:80&gt;</span><br><span class="line">    DocumentRoot &quot;/var/www/host5&quot;</span><br><span class="line">    # Alias: maps the path part of the URL typed in the browser to a real directory on the Linux host</span><br><span class="line">    # /host is the path in the URL; /var/www/host5 is the server directory it maps to</span><br><span class="line">    Alias /host &quot;/var/www/host5&quot;</span><br><span class="line">&lt;/VirtualHost&gt;</span><br></pre></td></tr></table></figure>
</li>
<li><p>Restart the service</p>
</li>
</ul>
</li>
<li><p>Configuring user access control:</p>
<ul>
<li><p>Create and modify the password file:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">mkdir -p /usr/local/http_dir &amp;&amp; cd /usr/local/http_dir</span><br><span class="line">htpasswd -c /usr/local/http_dir/mypasswd [username]     # -c: create the file; use it only for the first user</span><br><span class="line">htpasswd /usr/local/http_dir/mypasswd xiaohong          # add a user or change a password (no -c, otherwise the file is overwritten)</span><br></pre></td></tr></table></figure>
</li>
<li><p>Create the virtual host document directory and write index.html</p>
</li>
<li><p>Edit the virtual host configuration file:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/httpd/conf.d/host.conf</span><br><span class="line"># contents (comments on their own lines; httpd rejects comments after a directive)</span><br><span class="line">&lt;Directory &quot;/var/www/host5&quot;&gt;</span><br><span class="line">    # basic authentication: credentials travel base64-encoded, so pair it with HTTPS</span><br><span class="line">    AuthType Basic</span><br><span class="line">    # realm text shown in the browser&#x27;s login prompt</span><br><span class="line">    AuthName &quot;Please login:192.168.73.101&quot;</span><br><span class="line">    # file holding the user names and password hashes created with htpasswd</span><br><span class="line">    AuthUserFile /usr/local/http_dir/mypasswd</span><br><span class="line">    # only this user may access the directory</span><br><span class="line">    Require user qv123</span><br><span class="line">&lt;/Directory&gt;</span><br></pre></td></tr></table></figure>
</li>
<li><p>Restart the service</p>
</li>
</ul>
</li>
</ul>
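<p>An added shell example (not from the original post) for the password file that AuthUserFile points at: <code>htpasswd</code> writes apr1 (MD5-based) hashes by default and only uses bcrypt when called with <code>-B</code>, so a quick audit of the hash prefixes tells you which entries should be re-hashed. The file content, user names and hash bodies below are constructed for the example.</p>

```shell
#!/bin/sh
# Added example, not from the original post: classify the hash format of every
# entry in an htpasswd file. The sample content is constructed.
SAMPLE_HTPASSWD='qv123:$apr1$abcdefgh$0123456789abcdefghijkl
xiaohong:$2y$05$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ012345
legacy:{SHA}Lm4RgmaXxtgB8hkw7uUMOlUe2ds='

# Classify one "user:hash" line by the prefix of its hash field
htpasswd_hash_type() {
    case "${1#*:}" in
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
        '$apr1$'*)               echo apr1-md5 ;;
        '{SHA}'*)                echo sha1 ;;
        *)                       echo crypt-or-plain ;;
    esac
}

# Read an htpasswd file on stdin, print "user type" per entry,
# and return 1 if any entry uses something other than bcrypt
audit_htpasswd() {
    rc=0
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac   # skip blank and comment lines
        t=$(htpasswd_hash_type "$line")
        printf '%s %s\n' "${line%%:*}" "$t"
        [ "$t" = bcrypt ] || rc=1
    done
    return $rc
}

# Usage: audit_htpasswd < /usr/local/http_dir/mypasswd
#        printf '%s\n' "$SAMPLE_HTPASSWD" | audit_htpasswd
```

<p>Entries the audit flags can be re-hashed in place with <code>htpasswd -B /usr/local/http_dir/mypasswd &lt;user&gt;</code>, which asks for the password and replaces that user's line; the file should also live outside every DocumentRoot, as /usr/local/http_dir does here.</p>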
<h3 id="13-搭建动态网站："><a href="#13-搭建动态网站：" class="headerlink" title="13.搭建动态网站："></a>13. Building a dynamic site:</h3><ul>
<li><p>Standard input of a CGI program:</p>
<p>- </p>
</li>
<li><p>Standard output of a CGI program:</p>
</li>
<li><p>Diagram:</p>
<p>[Figure: image-20230109120216268 (local image, not available on the page)]</p>
</li>
<li><p>Configuration:</p>
<ul>
<li><p>Edit the configuration file:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/httpd/conf.d/host.conf</span><br><span class="line"># contents</span><br><span class="line">&lt;Directory &quot;/var/www/host7&quot;&gt;</span><br><span class="line">    AllowOverride None</span><br><span class="line">    Require all granted</span><br><span class="line">    # allow CGI scripts in this directory to be executed</span><br><span class="line">    Options +ExecCGI</span><br><span class="line">    # treat files whose name ends in .cgi as CGI scripts</span><br><span class="line">    AddHandler cgi-script .cgi</span><br><span class="line">&lt;/Directory&gt;</span><br><span class="line"></span><br><span class="line">&lt;VirtualHost 192.168.73.102:80&gt;</span><br><span class="line">    DocumentRoot  &quot;/var/www/host7&quot;</span><br><span class="line">&lt;/VirtualHost&gt;</span><br></pre></td></tr></table></figure>
</li>
<li><p>In the virtual host document directory create a file with the .cgi suffix: test.cgi</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br></pre></td><td class="code"><pre><span class="line">vim /var/www/host7/test.cgi</span><br><span class="line">#!/bin/bash</span><br><span class="line"># status line / response line: the web server adds it for us</span><br><span class="line"># response header: the MIME type of the returned data</span><br><span class="line"># blank line</span><br><span class="line"># response body</span><br><span class="line">printf &quot;Content-Type: text/html;charset=utf-8\n&quot;</span><br><span class="line">printf &quot;\n&quot;</span><br><span class="line">printf &quot;hello world\n&quot;</span><br><span class="line"></span><br><span class="line">chmod +x /var/www/host7/test.cgi    # the script must be executable, or httpd answers 500</span><br></pre></td></tr></table></figure>
</li>
<li><p>Restart the service</p>
</li>
</ul>
</li>
</ul>
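<p>An added shell example (not from the original post) of a CGI script in the shape of test.cgi above, extended to cover the two points this section leaves blank: standard input, which carries the request body sized by the CONTENT_LENGTH variable httpd sets, and standard output, which must be headers, a blank line, then the body. Everything the client controls (query string, body) is HTML-escaped before it is echoed back, which is what keeps a script like this from reflecting markup into the page.</p>

```shell
#!/bin/sh
# Added example, not from the original post: a CGI script that reads its
# standard input and writes a well-formed response on standard output.

# Escape the characters that change meaning in HTML; & must be replaced first
html_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
                           -e 's/"/\&quot;/g' -e "s/'/\&#39;/g"
}

# Standard input: the request body is exactly CONTENT_LENGTH bytes (POST); nothing for GET
read_post_body() {
    len=${CONTENT_LENGTH:-0}
    if [ "$len" -gt 0 ]; then dd bs=1 count="$len" 2>/dev/null; fi
}

# Standard output: httpd adds the status line; the script emits headers, a blank line, then the body
cgi_response() {
    query=${QUERY_STRING:-}
    body=$(read_post_body)
    printf 'Content-Type: text/html;charset=utf-8\n'
    printf '\n'
    printf '<html><body><p>hello world</p>\n'
    printf '<p>Query string: %s</p>\n' "$(html_escape "$query")"
    printf '<p>Body: %s</p>\n' "$(html_escape "$body")"
    printf '</body></html>\n'
}

# When installed as /var/www/host7/test.cgi (name ends in .cgi) answer the request
case "$0" in *.cgi) cgi_response ;; esac
```

<p>Run locally with <code>QUERY_STRING='name=&lt;b&gt;x' sh test.cgi</code> to see the escaped output; under httpd the same variables are set by the server for every request.</p>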
<h3 id="14-搭建论坛："><a href="#14-搭建论坛：" class="headerlink" title="14.搭建论坛："></a>14. Building a forum:</h3><ol>
<li><p>Upload the Discuz source package</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">Link: https://pan.baidu.com/s/1zx6MnNMQpPACeBz9Khrgog </span><br><span class="line">Extraction code: abcd</span><br></pre></td></tr></table></figure>
</li>
<li><p>Install httpd</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum install -y httpd</span><br></pre></td></tr></table></figure>
</li>
<li><p>Install the PHP packages:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum install -y php* </span><br></pre></td></tr></table></figure>
</li>
<li><p>Install the database (the mariadb package is only the client; mariadb-server provides the service)</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum install -y mariadb mariadb-server</span><br></pre></td></tr></table></figure>
</li>
<li><p>Restart the database service:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl restart mariadb</span><br></pre></td></tr></table></figure>
</li>
<li><p>Configure the database:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br></pre></td><td class="code"><pre><span class="line">mysql_secure_installation</span><br><span class="line"># answer the prompts as follows</span><br><span class="line">Enter current password for root (enter for none): </span><br><span class="line"></span><br><span class="line">Set root password? [Y/n] Y</span><br><span class="line">New password: </span><br><span class="line">Re-enter new password: </span><br><span class="line"></span><br><span class="line">Remove anonymous users? [Y/n] Y</span><br><span class="line"></span><br><span class="line"># n keeps remote root logins enabled; answer Y unless remote root access is really needed</span><br><span class="line">Disallow root login remotely? [Y/n] n</span><br><span class="line"></span><br><span class="line">Remove test database and access to it? [Y/n] Y</span><br><span class="line"></span><br><span class="line">Reload privilege tables now? [Y/n] Y</span><br></pre></td></tr></table></figure>
</li>
<li><p>Extract the uploaded Discuz source package:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">unzip Discuz_X3.4_SC_UTF8_20210520.zip -d [destination directory]</span><br></pre></td></tr></table></figure>
</li>
<li><p>Set permissions: change the permissions on these directories</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">cd upload</span><br><span class="line"># 777 makes these directories writable by every local user; on a production host prefer chown -R apache:apache plus 755</span><br><span class="line">chmod 777 -R config uc_client uc_server data</span><br></pre></td></tr></table></figure>
</li>
<li><p>Restart the httpd service:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl restart httpd</span><br></pre></td></tr></table></figure>
</li>
<li><p>Open <a target="_blank" rel="noopener" href="http://ip+/upload">http://IP+/upload</a> in a browser to run the installer</p>
</li>
</ol>
<h2 id="5-搭建Halo博客程序："><a href="#5-搭建Halo博客程序：" class="headerlink" title="5.搭建Halo博客程序："></a>5. Setting up the Halo blog:</h2><h3 id="1-安装JAVA："><a href="#1-安装JAVA：" class="headerlink" title="1.安装JAVA："></a>1. Install Java:</h3><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">sudo yum install java-11-openjdk -y</span><br><span class="line">java -version</span><br></pre></td></tr></table></figure>

<h3 id="2-安装mysql："><a href="#2-安装mysql：" class="headerlink" title="2.安装mysql："></a>2. Install MySQL:</h3><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"># the password is single-quoted so the shell keeps the $ literal; unquoted, $Rui123456 expands to an empty variable</span><br><span class="line">docker run -id \</span><br><span class="line">-p 3307:3306 \</span><br><span class="line">--name=b_mysql \</span><br><span class="line">-v $PWD/conf:/etc/mysql/mysql.conf.d \</span><br><span class="line">-v $PWD/logs:/var/logs \</span><br><span class="line">-v $PWD/data:/var/lib/mysql \</span><br><span class="line">-e MYSQL_ROOT_PASSWORD=&#x27;$Rui123456&#x27; \</span><br><span class="line">mysql:8.0.32</span><br></pre></td></tr></table></figure>

<h3 id="3-安装halo："><a href="#3-安装halo：" class="headerlink" title="3.安装halo："></a>3. Install Halo:</h3><ul>
<li><p>Download the application.yaml template:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">mkdir ~/.halo &amp;&amp; cd ~/.halo</span><br><span class="line">wget https://dl.halo.run/config/application-template.yaml -O ./application.yaml</span><br></pre></td></tr></table></figure>
</li>
<li><p>Edit the application.yaml configuration file:</p>
<figure class="highlight yaml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br></pre></td><td class="code"><pre><span class="line">server:</span><br><span class="line">  port: 8090</span><br><span class="line"></span><br><span class="line">  # Response data gzip.</span><br><span class="line">  compression:</span><br><span class="line">    enabled: false</span><br><span class="line">spring:</span><br><span class="line">  datasource:</span><br><span class="line"></span><br><span class="line">    # H2 database configuration.</span><br><span class="line">    #driver-class-name: org.h2.Driver</span><br><span class="line">    #url: jdbc:h2:file:~/.halo/db/halo</span><br><span class="line">    #username: admin</span><br><span class="line">    #password: 123456</span><br><span class="line"></span><br><span class="line">    # MySQL database configuration.</span><br><span class="line">    driver-class-name: com.mysql.cj.jdbc.Driver</span><br><span class="line">    url: jdbc:mysql://8.130.17.95:3307/halodb?characterEncoding=utf8&amp;useSSL=false&amp;serverTimezone=Asia/Shanghai&amp;allowPublicKeyRetrieval=true</span><br><span class="line">    username: root</span><br><span class="line">    password: &#x27;@Qv110119&#x27;</span><br><span class="line"></span><br><span class="line">  # H2 database console configuration.</span><br><span class="line">  #h2:</span><br><span class="line">  #  console:</span><br><span class="line">  #    settings:</span><br><span class="line">  #      web-allow-others: false</span><br><span class="line">  #    path: /h2-console</span><br><span class="line">  #    enabled: false</span><br><span class="line"></span><br><span class="line">halo:</span><br><span class="line"></span><br><span class="line">  # Your admin client path is https://your-domain/&#123;admin-path&#125;</span><br><span class="line">  admin-path: admin</span><br><span class="line"></span><br><span class="line">  # memory or level</span><br><span class="line">  cache: memory</span><br></pre></td></tr></table></figure>
</li>
<li><p>Create the Halo container:</p>
<figure class="highlight yaml"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="string">docker</span> <span class="string">run</span> <span class="string">-it</span> <span class="string">-d</span> <span class="string">--name</span> <span class="string">halo</span> <span class="string">-p</span> <span class="number">8090</span><span class="string">:8090</span> <span class="string">-v</span> <span class="string">~/.halo:/root/.halo</span> <span class="string">--restart=unless-stopped</span> <span class="string">halohub/halo:1.6.0</span></span><br></pre></td></tr></table></figure></li>
</ul>
<h2 id="6-第五章-nginx服务器："><a href="#6-第五章-nginx服务器：" class="headerlink" title="6.第五章-nginx服务器："></a>6. Chapter 5: the nginx server:</h2><h3 id="1-安装和配置nginx："><a href="#1-安装和配置nginx：" class="headerlink" title="1.安装和配置nginx："></a>1. Install and configure nginx:</h3><ul>
<li><p>Install:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum install -y nginx</span><br></pre></td></tr></table></figure>
</li>
<li><p>Edit the configuration file:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"># /etc/nginx/nginx.conf   # the main nginx configuration file</span><br><span class="line"># /etc/nginx/conf.d       # directory for additional nginx configuration files</span><br><span class="line">vim /etc/nginx/conf.d/halo.conf     # configuration file for the Halo blog</span><br></pre></td></tr></table></figure>

<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre></td><td class="code"><pre><span class="line">upstream halo &#123;           # upstream group with the custom name halo</span><br><span class="line">  server 127.0.0.1:8090;</span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line">server &#123;                           # the server that uses it</span><br><span class="line">  listen 80;                       # port to listen on</span><br><span class="line">  listen [::]:80;                  </span><br><span class="line">  server_name 8.130.17.95;         # bound name; requests to port 80 of this name are forwarded to local port 8090</span><br><span class="line">  client_max_body_size 1024m;</span><br><span class="line">  location / &#123;</span><br><span class="line">    proxy_pass http://halo;         # halo matches the name given after upstream above</span><br><span class="line">    proxy_set_header HOST $host;</span><br><span class="line">    proxy_set_header X-Forwarded-Proto $scheme;</span><br><span class="line">    proxy_set_header X-Real-IP $remote_addr;</span><br><span class="line">    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</span><br><span class="line">  &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
</li>
<li><p>Check the configuration syntax:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nginx -t</span><br></pre></td></tr></table></figure>
</li>
<li><p>Reload the configuration:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">nginx -s reload</span><br></pre></td></tr></table></figure></li>
</ul>
<h3 id="2-nginx服务器配置ssl证书："><a href="#2-nginx服务器配置ssl证书：" class="headerlink" title="2.nginx服务器配置ssl证书："></a>2. Configuring an SSL certificate on the nginx server:</h3><ul>
<li><p>Import the SSL certificate:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"># certificate file: PEM format; key file: KEY format</span><br><span class="line">cd /etc/nginx</span><br><span class="line">mkdir cert     # the certificates are stored in this directory</span><br></pre></td></tr></table></figure>
</li>
<li><p>Edit the configuration file:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/nginx/conf.d/halo.conf     # configuration file for the Halo blog</span><br></pre></td></tr></table></figure>

<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br></pre></td><td class="code"><pre><span class="line">upstream halo &#123;           # upstream group with the custom name halo</span><br><span class="line">  server 127.0.0.1:8090;</span><br><span class="line">&#125;</span><br><span class="line">server &#123;</span><br><span class="line">    listen 443 ssl;</span><br><span class="line">    server_name www.qv123.top;                     # bound domain name</span><br><span class="line">    charset utf-8;</span><br><span class="line">    ssl_certificate /etc/nginx/cert/9146237_www.qv123.top.pem;          # certificate file path (the trailing ; is required, or nginx -t fails)</span><br><span class="line">    ssl_certificate_key /etc/nginx/cert/9146237_www.qv123.top.key;      # key file path</span><br><span class="line">    ssl_session_timeout 5m;</span><br><span class="line">    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;</span><br><span class="line">    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;         # TLSv1.1 is deprecated; drop it unless legacy clients need it</span><br><span class="line">    ssl_prefer_server_ciphers on;</span><br><span class="line">    location / &#123;</span><br><span class="line">        proxy_pass http://halo;         # halo matches the name given after upstream above</span><br><span class="line">        proxy_set_header HOST $host;</span><br><span class="line">        proxy_set_header X-Forwarded-Proto $scheme;</span><br><span class="line">        proxy_set_header X-Real-IP $remote_addr;</span><br><span class="line">        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre></td><td class="code"><pre><span class="line">upstream halo &#123;           # upstream group with the custom name halo</span><br><span class="line">  server 127.0.0.1:8090;</span><br><span class="line">&#125;</span><br><span class="line">server &#123;</span><br><span class="line">    listen 80;</span><br><span class="line">    listen [::]:80;  </span><br><span class="line">    server_name www.qv123.top;                     # bound domain name</span><br><span class="line">    rewrite ^(.*)$ https://$host$1;                # redirect every HTTP request to HTTPS with the rewrite directive</span><br><span class="line">    client_max_body_size 1024m;</span><br><span class="line">    location / &#123;</span><br><span class="line">        proxy_pass http://halo;</span><br><span class="line">        proxy_set_header HOST $host;</span><br><span class="line">        proxy_set_header X-Forwarded-Proto $scheme;</span><br><span class="line">        proxy_set_header X-Real-IP $remote_addr;</span><br><span class="line">        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure></li>
</ul>
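<p>An added shell example (not from the original post) that serves two passages on this page: the Apache myssl.conf of section 11 and the nginx halo.conf just above. It is a small linter for exactly the things those two snippets get wrong or leave weak: a second SSLCipherSuite that silently overrides the first, an SSLProtocol line that still admits TLS 1.0/1.1, an ssl_protocols line that keeps TLSv1.1, and ssl_certificate lines without the terminating semicolon that nginx -t rejects. The three configs inside the block are constructed test inputs mirroring the page's snippets.</p>

```shell
#!/bin/sh
# Added example, not from the original post: lint Apache and nginx TLS config.
# APACHE_SAMPLE / NGINX_SAMPLE reproduce the page's snippets; NGINX_FIXED is the corrected form.
APACHE_SAMPLE='<VirtualHost _default_:443>
    SSLEngine on
    SSLProtocol all -SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
    SSLCipherSuite PROFILE=SYSTEM
    SSLCertificateFile /root/ssl/server.crt
    SSLCertificateKeyFile /root/ssl/server.key
</VirtualHost>'

NGINX_SAMPLE='server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/cert/site.pem          # missing semicolon
    ssl_certificate_key /etc/nginx/cert/site.key      # missing semicolon
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
}'

NGINX_FIXED='server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/cert/site.pem;
    ssl_certificate_key /etc/nginx/cert/site.key;
    ssl_protocols TLSv1.2 TLSv1.3;
}'

# Reads a config on stdin, prints one finding per line, exits 1 if anything was found
lint_tls_config() {
    awk '
    { line = $0; sub(/#.*/, "", line); sub(/[ \t]+$/, "", line) }   # drop comments and trailing blanks
    line ~ /^[ \t]*<VirtualHost/ { ciphers = 0 }
    line ~ /^[ \t]*SSLCipherSuite/ {
        ciphers++
        if (ciphers > 1) { n++; print "WARN line " NR ": duplicate SSLCipherSuite, only the last one takes effect" }
    }
    line ~ /^[ \t]*SSLProtocol/ && line ~ /all/ && line !~ /-TLSv1\.1/ {
        n++; print "WARN line " NR ": SSLProtocol still allows TLS 1.0/1.1 (use all -SSLv3 -TLSv1 -TLSv1.1)"
    }
    line ~ /^[ \t]*ssl_protocols/ && line ~ /TLSv1(\.1)?([ \t;]|$)/ {
        n++; print "WARN line " NR ": ssl_protocols enables deprecated TLS 1.0/1.1"
    }
    line ~ /^[ \t]*ssl_(certificate|certificate_key|protocols|ciphers|session_timeout)[ \t]/ && line !~ /;$/ {
        n++; print "ERROR line " NR ": missing semicolon, nginx -t will reject this file"
    }
    END { exit (n > 0) }'
}

# Number of findings for a config passed as a string
count_findings() {
    printf '%s\n' "$1" | lint_tls_config | wc -l | tr -d ' '
}

# Usage on a live host:  lint_tls_config < /etc/nginx/conf.d/halo.conf
```

<p>The linter is deliberately line-based and only knows the handful of directives used on this page; it complements, not replaces, <code>nginx -t</code> and <code>apachectl configtest</code>, which catch syntax errors but say nothing about a protocol list that is merely weak.</p>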
<h2 id="7-第五章-NFS服务器："><a href="#7-第五章-NFS服务器：" class="headerlink" title="7.第五章-NFS服务器："></a>7. Chapter 5: the NFS server:</h2><h3 id="1-NFS服务器的概念："><a href="#1-NFS服务器的概念：" class="headerlink" title="1.NFS服务器的概念："></a>1. NFS server concepts:</h3><ul>
<li>File system: implements the VFS interface to provide the functionality of organizing files</li>
<li>NFS (Network File System) is one of the <strong>file systems</strong> supported by FreeBSD. It lets computers on a network (different machines, different operating systems) share resources over a TCP&#x2F;IP network, and is mainly used on Unix-like operating systems. In an NFS deployment a local <strong>NFS client application can transparently read and write files that live on a remote NFS server</strong>, just as if they were local files</li>
<li>An NFS server lets a PC mount a directory shared by the NFS server into its local file system; to the local system the remote host's directory looks like one of its own disk partitions</li>
<li>NFS provides many functions, each started by a separate program, and each program opens some ports to transfer data, so the ports used by NFS are not fixed: it picks unused ports below 1024 at random. That creates a problem for clients, which need to know the server's ports before they can connect</li>
<li>This is where <strong>RPC</strong> (Remote Procedure Call) comes in. When the server starts NFS it picks several port numbers at random and registers them with RPC, so RPC knows which port belongs to each NFS function and can tell the client, which then connects to the right port. RPC listens on the fixed port 111 for client requests and answers with the correct port number</li>
<li>Note: RPC must be started before NFS, otherwise NFS cannot register with RPC. Also, if RPC is restarted its registrations are lost, so every service it manages has to be restarted to register again</li>
</ul>
<h3 id="2-NFS的使用："><a href="#2-NFS的使用：" class="headerlink" title="2.NFS的使用："></a>2. Using NFS:</h3><ul>
<li><p>Server side:</p>
<ul>
<li><p>Install the RPC main program: rpcbind</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum install rpcbind</span><br></pre></td></tr></table></figure>
</li>
<li><p>Install the NFS main program: nfs-utils</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum install nfs-utils</span><br></pre></td></tr></table></figure>

<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">systemctl restart rpcbind</span><br><span class="line">systemctl restart nfs-server</span><br></pre></td></tr></table></figure>
</li>
<li><p>Configuration file &#x2F;etc&#x2F;exports: allow the hosts of a subnet to access the shared directory</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">#|   shared directory   |  host        (options)|</span><br><span class="line">/usr/qv123/nfsdata  192.168.73.0/24(rw)</span><br></pre></td></tr></table></figure>

<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">man exports    # lists every option</span><br></pre></td></tr></table></figure>

<table>
<thead>
<tr>
<th>Option</th>
<th>Meaning</th>
</tr>
</thead>
<tbody><tr>
<td>rw&#x2F;ro</td>
<td>rw: read-write, ro: read-only; the rwx permissions of the underlying file system still apply</td>
</tr>
<tr>
<td>sync&#x2F;async</td>
<td>sync: data is written to memory and disk synchronously; async: data is first buffered in memory</td>
</tr>
<tr>
<td>no_root_squash&#x2F;root_squash</td>
<td>no_root_squash keeps the root user and root group as they are; root_squash maps the root user and group to the anonymous user and group (default).</td>
</tr>
<tr>
<td>all_squash&#x2F;no_all_squash</td>
<td>all_squash: files created by any client user are mapped to the anonymous user and group; no_all_squash: files created by ordinary client users keep their UID and GID on the server (default)</td>
</tr>
<tr>
<td>anonuid&#x3D;&#x2F;anongid&#x3D;</td>
<td>map the file's user and group to the given UID and GID; if not set, the default is 65534 (nfsnobody)</td>
</tr>
</tbody></table>
</li>
<li><p>Apply the configuration</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">exportfs -r</span><br></pre></td></tr></table></figure>
</li>
<li><p>Check which directories are exported:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">showmount -e [server IP address]</span><br></pre></td></tr></table></figure></li>
</ul>
</li>
<li><p>Client side:</p>
<ul>
<li><p>Install and configure the software</p>
<ul>
<li><p>Method 1: install nfs-utils (<strong>temporary mount</strong>)</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum install  -y nfs-utils</span><br></pre></td></tr></table></figure>
</li>
<li><p>Check that the shared directory is reachable:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">showmount -e [server IP address]</span><br></pre></td></tr></table></figure>
</li>
<li><p>Create the mount point, then mount or unmount the directory</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">mkdir -p [local mount point]</span><br><span class="line">mount -t nfs [server IP address]:[exported directory]  [local mount point]</span><br><span class="line">umount [local mount point]</span><br></pre></td></tr></table></figure>
</li>
<li><p>Method 2:</p>
<ul>
<li><p>Install autofs (<strong>automatic mount</strong>)</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum install -y autofs</span><br></pre></td></tr></table></figure>
</li>
<li><p>Configuration files:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">autofs.conf: settings for the autofs service itself</span><br><span class="line">timeout = 300                # default idle time in seconds before a mount expires</span><br><span class="line">dismount_interval = 300      # unmount timeout</span><br></pre></td></tr></table></figure>

<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">auto.master: the master map, which assigns each mount point its own map file</span><br><span class="line">the automount information for the /misc directory is kept by autofs in /etc/auto.misc</span><br><span class="line">syntax:  mount point   path of the map file for that mount point</span><br></pre></td></tr></table></figure>

<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">auto.xxx: the actual mount entries</span><br><span class="line">cd              -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom</span><br><span class="line">mount key       mount options                   :device to mount</span><br><span class="line">boot      -fstype=ext2   :/dev/hda1</span><br></pre></td></tr></table></figure>
</li>
<li><p>Edit the configuration files:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/auto.master</span><br><span class="line"># add:</span><br><span class="line">/nfsclient   /etc/auto.nfs</span><br><span class="line">vim /etc/auto.nfs</span><br><span class="line"># add:</span><br><span class="line">#local subdirectory  -mount options   directory exported by the server</span><br><span class="line">nfsdir 192.168.73.150:/usr/qv123/nfsdata</span><br></pre></td></tr></table></figure>

<table>
<thead>
<tr>
<th>Parameter</th>
<th>Function</th>
</tr>
</thead>
<tbody><tr>
<td>fg/bg</td>
<td>Whether the mount runs in the foreground (fg) or background (bg). In the foreground, mount keeps retrying until it succeeds or times out; in the background, mount keeps retrying repeatedly without blocking foreground programs.</td>
</tr>
<tr>
<td>soft/hard</td>
<td>hard means that if either host goes offline, RPC keeps calling until the peer is reachable again. With soft, RPC retries after a timeout instead of calling continuously.</td>
</tr>
<tr>
<td>intr</td>
<td>When mounting with the hard option above, adding intr makes the continuous RPC calls interruptible.</td>
</tr>
<tr>
<td>rsize/wsize</td>
<td>Read (rsize) and write (wsize) block sizes. These values affect the buffer memory used for data transfer between client and server.</td>
</tr>
</tbody></table>
</li>
<li><p>Restart the autofs service</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl restart autofs</span><br></pre></td></tr></table></figure>
</li>
<li><p>View mount information:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">mount | grep /nfs</span><br></pre></td></tr></table></figure>
</li>
<li><p>Trigger the automount by entering the subdirectory; after you leave the mount directory for the timeout period, it is unmounted automatically:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">cd /nfsclient/nfsdir    </span><br></pre></td></tr></table></figure></li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
<h2 id="8-第五章-DNS域名解析服务器："><a href="#8-第五章-DNS域名解析服务器：" class="headerlink" title="8. Chapter 5 - DNS name resolution server:"></a>8. Chapter 5 - DNS name resolution server:</h2><h3 id="1-介绍："><a href="#1-介绍：" class="headerlink" title="1. Introduction:"></a>1. Introduction:</h3><ul>
<li>DNS (Domain Name System) is an Internet service: a distributed database that maps domain names and IP addresses to each other, making the Internet easier for people to use</li>
<li>DNS works by network queries, so it needs a listening port. DNS uses port 53, which can be seen in /etc/services (search for "domain"). DNS normally queries over UDP, the faster transport, but when a complete answer is not received it queries again over TCP. So when DNS starts, it opens port 53 on both TCP and UDP</li>
</ul>
<h3 id="2-因特网的域名结构："><a href="#2-因特网的域名结构：" class="headerlink" title="2. Internet domain name structure:"></a>2. Internet domain name structure:</h3><ul>
<li>Because the Internet has so many users, it uses a hierarchical, tree-structured naming scheme. Every host or router connected to the Internet has a unique hierarchical name, its domain name. A "domain" is a manageable subdivision of the name space</li>
<li>A domain name is only a logical concept and says nothing about where the computer physically is. Domain names fall into three categories<ul>
<li>Country-code top-level domains: follow ISO 3166, e.g. cn for China, us for the United States, uk for the United Kingdom, and so on. Country domains are often written ccTLD (country code top-level domains, where cc stands for country code)</li>
<li>Generic top-level domains: the most common generic TLDs are seven: com (companies and enterprises), net (network service organizations), org (non-profit organizations), int (international organizations), gov (US government departments), mil (US military)</li>
<li>Infrastructure domain: there is only one such top-level domain, arpa, which is used for reverse name resolution and is therefore called the reverse domain</li>
</ul>
</li>
</ul>
<h3 id="3-域名服务器的类型划分："><a href="#3-域名服务器的类型划分：" class="headerlink" title="3. Types of name servers:"></a>3. Types of name servers:</h3><ul>
<li>Root name servers: the highest-level name servers</li>
<li>Top-level domain name servers: manage the second-level domains registered under that top-level domain</li>
<li>Authoritative name servers: responsible for one "zone"</li>
<li>Local name servers: a local name server is not part of the name server hierarchy, but it is very important to the DNS. When a host issues a DNS query, the query message is sent to the local name server</li>
</ul>
<h3 id="4-DNS域名解析："><a href="#4-DNS域名解析：" class="headerlink" title="4. DNS name resolution:"></a>4. DNS name resolution:</h3><ul>
<li><p>Resolution process:</p>
<ol>
<li><p>Check the browser cache: if the name is found, the IP is returned to the browser</p>
</li>
<li><p>Check the operating system cache:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ipconfig /displaydns</span><br></pre></td></tr></table></figure>
</li>
<li><p>Check /etc/hosts on the operating system: static IP-to-name mappings</p>
</li>
<li><p>Query the local DNS server, which returns the resolved IP</p>
</li>
<li><p>The local name server (114.114…) queries the root name server (.); the root server does not resolve www.baidu.com itself but tells the local name server where the com top-level name server is (its IP)</p>
</li>
<li><p>The local name server (114.114…) queries the top-level name server (com); the com server does not resolve <a target="_blank" rel="noopener" href="http://www.baidu.com/">www.baidu.com</a> either, but tells the local name server where the baidu second-level name server is (its IP)</p>
</li>
<li><p>The local name server (114.114…) queries the second-level name server (baidu); the baidu server does not resolve <a target="_blank" rel="noopener" href="http://www.baidu.com/">www.baidu.com</a> either, but tells the local name server where the www third-level name server is (its IP)</p>
</li>
<li><p>The local name server (114.114…) queries the third-level name server (www); the www server resolves www.baidu.com and, if successful, returns the IP to the local name server</p>
</li>
</ol>
</li>
<li><p>Note: the query from the <strong>client to the local DNS server</strong> is a <strong>recursive query</strong>, while the queries <strong>between DNS servers</strong> are <strong>iterative queries</strong> (each answer is the IP address of the next DNS server to ask)</p>
</li>
<li><p>114.114.114.114 is the DNS shared by China Mobile, China Telecom and China Unicom within China; it works on both phones and computers, is clean and ad-free, has a comparatively high resolution success rate, is widely used by domestic users, and is comparatively fast and stable, so it is a common DNS for users in China</p>
</li>
<li><p>8.8.8.8 is the DNS provided by Google; it is usable worldwide and is comparatively better suited to users abroad and to users accessing foreign websites</p>
</li>
<li><p>FQDN:</p>
<ul>
<li>(Fully Qualified Domain Name): a name that carries both the host name and the domain name (joined with ".")</li>
<li>For example, if the host name is bigserver and the domain name is mycompany.com, the FQDN is bigserver.mycompany.com</li>
<li>An FQDN logically pinpoints where a host is; put another way, the fully qualified domain name is the complete form of a host name</li>
</ul>
</li>
<li><p><strong>DNS resolution types</strong>:</p>
<ul>
<li>Forward resolution: FQDN -&gt; IP</li>
<li>Reverse resolution: IP -&gt; FQDN</li>
</ul>
</li>
</ul>
<h3 id="5-搭建DNS服务器"><a href="#5-搭建DNS服务器" class="headerlink" title="5. Setting up a DNS server:"></a>5. Setting up a DNS server:</h3><ul>
<li><p>The software that provides the DNS service is called bind; the service name is named</p>
</li>
<li><p>Install:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">yum install -y bind</span><br><span class="line">rpm -ql bind     # list the files installed by the package</span><br></pre></td></tr></table></figure>
</li>
<li><p>View the configuration files:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/named.conf        # main bind configuration file</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">contents</span></span><br><span class="line">options &#123;</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">define the listening port; to listen on all addresses, give only the port</span></span><br><span class="line">    listen-on port 53 &#123; 127.0.0.1; &#125;;</span><br><span class="line">    listen-on-v6 port 53 &#123; ::1; &#125;;      # ipv6</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">define the data file directory</span></span><br><span class="line">    directory    &quot;/var/named&quot;;               # working directory</span><br><span class="line">    dump-file    &quot;/var/named/data/cache_dump.db&quot;;        # cache dump file</span><br><span class="line">    statistics-file &quot;/var/named/data/named_stats.txt&quot;;      # statistics file</span><br><span class="line">    memstatistics-file &quot;/var/named/data/named_mem_stats.txt&quot;;     # memory statistics file</span><br><span class="line">    secroots-file   &quot;/var/named/data/named.secroots&quot;;       # security roots file</span><br><span class="line">    recursing-file  &quot;/var/named/data/named.recursing&quot;; # recursing queries file</span><br><span class="line">    allow-query   &#123; localhost; &#125;;    # only allow queries from the local host</span><br><span class="line">     recursion yes;   # allow recursion</span><br><span class="line">&#125;;</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">specify logging categories and their destinations</span></span><br><span class="line">logging &#123;</span><br><span class="line">    channel default_debug &#123;</span><br><span class="line">        file &quot;data/named.run&quot;;</span><br><span class="line">        severity dynamic;</span><br><span class="line">    &#125;;</span><br><span class="line">&#125;;</span><br><span class="line"><span class="meta prompt_"></span></span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">define zones</span></span><br><span class="line">zone &quot;.&quot; IN &#123;</span><br><span class="line">    type hint;</span><br><span class="line">    file &quot;named.ca&quot;;        </span><br><span class="line">&#125;;</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">include other configuration files</span></span><br><span class="line">include &quot;/etc/named.rfc1912.zones&quot;;</span><br><span class="line">include &quot;/etc/named.root.key&quot;;</span><br></pre></td></tr></table></figure>

<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/named.rfc1912.zones   # file that defines the default zones</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">contents</span></span><br><span class="line">zone &quot;localhost.localdomain&quot; IN &#123;</span><br><span class="line"> type master;        # one of three: master (primary name server), slave (secondary name server), hint (root name servers)</span><br><span class="line"> file &quot;named.localhost&quot;;      # path of the zone file holding the resource records that map names to IPs; DNS usually caches, and this is also the data the secondary synchronizes from the primary</span><br><span class="line"> allow-update &#123; none; &#125;;      # which hosts may send dynamic updates</span><br><span class="line">&#125;;</span><br><span class="line"></span><br><span class="line">zone &quot;localhost&quot; IN &#123;</span><br><span class="line"> type master;</span><br><span class="line"> file &quot;named.localhost&quot;;</span><br><span class="line"> allow-update &#123; none; &#125;;     </span><br><span class="line">&#125;;</span><br><span class="line"></span><br><span class="line">zone &quot;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa&quot; IN &#123;</span><br><span class="line"> type master;</span><br><span class="line"> file &quot;named.loopback&quot;;</span><br><span class="line"> allow-update &#123; none; &#125;;</span><br><span class="line">&#125;;</span><br><span class="line"></span><br><span class="line">zone &quot;1.0.0.127.in-addr.arpa&quot; IN &#123;       # .in-addr.arpa: fixed suffix for reverse resolution, i.e. IP to name</span><br><span class="line"> type master;</span><br><span class="line"> file &quot;named.loopback&quot;;</span><br><span class="line"> allow-update &#123; none; &#125;;</span><br><span class="line">&#125;;</span><br><span class="line"></span><br><span class="line">zone &quot;0.in-addr.arpa&quot; IN &#123;</span><br><span class="line"> type master;</span><br><span class="line"> file &quot;named.empty&quot;;</span><br><span class="line"> allow-update &#123; none; &#125;;</span><br><span class="line">&#125;;</span><br></pre></td></tr></table></figure>

<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">/etc/rndc.conf        # rndc configuration file</span><br></pre></td></tr></table></figure>
</li>
<li><p>View the working directory:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line">vim /var/named/named.localhost  # localhost zone file</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">contents</span></span><br><span class="line"><span class="meta prompt_">$</span><span class="language-bash">TTL 1D            <span class="comment">; TTL 1D: default cache time of the records</span></span></span><br><span class="line">@       IN SOA  @ rname.invalid. (</span><br><span class="line">                                        0       ; serial</span><br><span class="line">                                        1D      ; refresh</span><br><span class="line">                                        1H      ; retry</span><br><span class="line">                                        1W      ; expire</span><br><span class="line">                                        3H )    ; minimum</span><br><span class="line">        NS      @</span><br><span class="line">        A       127.0.0.1</span><br><span class="line">        AAAA    ::1</span><br></pre></td></tr></table></figure>

<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">/var/named/named.ca      # root hints file</span><br><span class="line">/var/named/slaves       # directory for zone files received by a secondary (slave) server</span><br></pre></td></tr></table></figure>
</li>
<li><p>Related utilities:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">/usr/sbin/named-checkconf   # check the syntax of /etc/named.conf</span><br><span class="line">/usr/sbin/named-checkzone   # check a zone and the syntax of its zone file</span><br><span class="line">/usr/sbin/rndc        # remote DNS management tool</span><br><span class="line">/usr/sbin/rndc-confgen    # generate the rndc key</span><br></pre></td></tr></table></figure>
</li>
<li><p>Log file:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">/var/log/named.log</span><br></pre></td></tr></table></figure></li>
</ul>
<h3 id="6-正向解析："><a href="#6-正向解析：" class="headerlink" title="6. Forward resolution:"></a>6. Forward resolution:</h3><ul>
<li><p>Edit the main configuration file:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/named.conf</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">contents</span></span><br><span class="line">options &#123;     # global options</span><br><span class="line">    listen-on port 53 &#123; 192.168.73.150; &#125;;   # listen on port 53; the braces hold the DNS server's IP address</span><br><span class="line">    directory    &quot;/var/named&quot;;  # global working directory</span><br><span class="line">    allow-query   &#123; 192.168.73.0/24; &#125;;    # only allow queries from the 192.168.73.0/24 network</span><br><span class="line">&#125;;</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">zone definition:</span></span><br><span class="line">zone &quot;rhce.com&quot; IN &#123;                # forward zone for rhce.com</span><br><span class="line">   type master;                     # primary server</span><br><span class="line">   file &quot;rhce.zone&quot;;                # zone file name</span><br><span class="line">&#125;; </span><br></pre></td></tr></table></figure>
</li>
<li><p>Check the configuration file for correctness:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">named-checkconf /etc/named.conf </span><br></pre></td></tr></table></figure>
</li>
<li><p>Resource records (Resource Record, RR) in the forward zone file</p>
</li>
<li><p>Common RRs in a forward zone file:</p>
<table>
<thead>
<tr>
<th>domain</th>
<th>IN</th>
<th>RR type</th>
<th>RR data</th>
</tr>
</thead>
<tbody><tr>
<td>hostname.</td>
<td>IN</td>
<td>A</td>
<td>IPv4 address</td>
</tr>
<tr>
<td>hostname.</td>
<td>IN</td>
<td>AAAA</td>
<td>IPv6 address</td>
</tr>
<tr>
<td>domain.</td>
<td>IN</td>
<td>NS</td>
<td>Hostname of the server that manages this domain, i.e. which host resolves the hosts of the domain being defined</td>
</tr>
<tr>
<td>domain.</td>
<td>IN</td>
<td>SOA (Start of Authority)</td>
<td>The seven key parameters for managing this domain</td>
</tr>
<tr>
<td>domain.</td>
<td>IN</td>
<td>MX</td>
<td>Priority number, then the hostname of the server that receives mail</td>
</tr>
<tr>
<td>alias.</td>
<td>IN</td>
<td>CNAME</td>
<td>The real hostname that the alias stands for</td>
</tr>
</tbody></table>
</li>
<li><p>SOA concerns the zone as a whole, so its domain field is the domain name. SOA is followed by seven parameters, whose meaning is as follows:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">Time units: M (minutes), H (hours), D (days), W (weeks); plain numbers are seconds</span><br><span class="line">@       IN SOA dns.rhce.com. test.163.com. (  0   1D   1H   1W  3H ) </span><br></pre></td></tr></table></figure>
</li>
<li><p>Edit the zone file:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br></pre></td><td class="code"><pre><span class="line">vim /var/named/rhce.zone</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">contents (zone files use ; for comments)</span></span><br><span class="line"><span class="meta prompt_">$</span><span class="language-bash">TTL 1D         <span class="comment">; TTL 1D: default cache time of the records</span></span></span><br><span class="line">@       IN SOA dns.rhce.com. test.163.com. (   ; dns.rhce.com.: primary DNS server, test.163.com.: administrator's email (the first dot stands for @)</span><br><span class="line">                                                0           ; serial: zone version number, usually a date, e.g. 20170215</span><br><span class="line">                                                1D          ; refresh: how often the secondary checks the primary, here 1 day</span><br><span class="line">                                                1H          ; retry: should be less than refresh, here 1 hour</span><br><span class="line">                                                1W          ; expire: how long the secondary keeps serving when the primary is unreachable, here 1 week</span><br><span class="line">                                                3H )        ; minimum: negative caching TTL, here 3 hours</span><br><span class="line"></span><br><span class="line">        IN  NS  dns.rhce.com.</span><br><span class="line">        IN  MX  10  mail.rhce.com.</span><br><span class="line"></span><br><span class="line">dns.rhce.com.   IN  A   192.168.73.150      ; DNS server IP address</span><br><span class="line">mail.rhce.com.  IN  A   192.168.73.102</span><br><span class="line">www.rhce.com.   IN  A   192.168.73.103</span><br><span class="line">;sftp -&gt; ftp.rhce.com.</span><br><span class="line">;ftp.rhce.com -&gt; ftp.rhce.com.rhce.com.   (a name without a trailing dot gets the zone origin appended)</span><br><span class="line">ftp             IN  A   192.168.73.148</span><br><span class="line">dhcp            IN  A   192.168.73.149</span><br><span class="line">ntp             IN  A   192.168.73.101</span><br><span class="line">;cname: canonical name (alias record)</span><br><span class="line">web             IN CNAME www.rhce.com.</span><br></pre></td></tr></table></figure>
</li>
<li><p>Check:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">named-checkzone rhce.com /var/named/rhce.zone</span><br></pre></td></tr></table></figure>
</li>
<li><p>Restart the named service</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl restart named</span><br></pre></td></tr></table></figure>
</li>
<li><p>Test:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash"> method 1:</span></span><br><span class="line">host www.rhce.com 192.168.73.150</span><br></pre></td></tr></table></figure>

<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta prompt_">#</span><span class="language-bash"> method 2:</span></span><br><span class="line">[root@quruixiang named]# nslookup</span><br><span class="line"><span class="meta prompt_">&gt; </span><span class="language-bash">server</span></span><br><span class="line">Default server: 180.76.76.76</span><br><span class="line">Address: 180.76.76.76#53</span><br></pre></td></tr></table></figure>
</li>
<li><p>Test from another host:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"># set the nameserver in /etc/resolv.conf to the DNS server IP configured above</span><br><span class="line">vim /etc/resolv.conf</span><br><span class="line">ping www.rhce.com</span><br></pre></td></tr></table></figure>

<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">[root@quruixiang named]# nslookup</span><br><span class="line">&gt; www.rhce.com    </span><br><span class="line">Server:         180.76.76.76</span><br><span class="line">Address:        180.76.76.76#53</span><br></pre></td></tr></table></figure></li>
</ul>
<h3 id="7-反向解析："><a href="#7-反向解析：" class="headerlink" title="7. Reverse resolution:"></a>7. Reverse resolution:</h3><ul>
<li><p>Edit the main configuration file:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/named.conf</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">contents</span></span><br><span class="line">zone &quot;73.168.192.in-addr.arpa&quot; IN &#123;          # reverse zone for the 192.168.73.0/24 network</span><br><span class="line">        type master;</span><br><span class="line">        file &quot;73.168.192.zone&quot;;</span><br><span class="line">&#125;;</span><br></pre></td></tr></table></figure>
</li>
<li><p>Edit the zone file:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line">vim /var/named/73.168.192.zone</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">contents</span></span><br><span class="line"><span class="meta prompt_">$</span><span class="language-bash">TTL 1D</span></span><br><span class="line">@       IN SOA dns.rhce.com. test.163.com. (</span><br><span class="line">                                                0</span><br><span class="line">                                                1D</span><br><span class="line">                                                1H</span><br><span class="line">                                                1W</span><br><span class="line">                                                3H )</span><br><span class="line"></span><br><span class="line">        IN  NS  dns.rhce.com.</span><br><span class="line"></span><br><span class="line">; the A record for dns.rhce.com. (192.168.73.150) lives in the forward zone; a PTR whose target is an IP is not valid here</span><br><span class="line">150               IN   PTR   dns.rhce.com.</span><br><span class="line">102               IN   PTR   mail.rhce.com.</span><br><span class="line">103               IN   PTR   www.rhce.com.</span><br><span class="line">148               IN   PTR   ftp.rhce.com.      ; targets must be fully qualified: the origin here is 73.168.192.in-addr.arpa</span><br><span class="line">149               IN   PTR   dhcp.rhce.com.</span><br><span class="line">101               IN   PTR   ntp.rhce.com.</span><br></pre></td></tr></table></figure>
</li>
<li><p>Restart the named service</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl restart named</span><br></pre></td></tr></table></figure>
</li>
<li><p>Test:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">host 192.168.73.101 192.168.73.150</span><br></pre></td></tr></table></figure>

<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">[root@quruixiang named]# nslookup</span><br><span class="line">&gt; www.rhce.com    </span><br><span class="line">Server:         180.76.76.76</span><br><span class="line">Address:        180.76.76.76#53</span><br></pre></td></tr></table></figure></li>
</ul>
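<p>As an added example (not code from the original post), a Python checker that applies the zone-file rules above to the forward zone from section 6 and the reverse zone from section 7: it parses both files, flags names that lack a trailing dot (the <code>ftp.rhce.com -&gt; ftp.rhce.com.rhce.com.</code> pitfall noted in the zone file), and verifies that every A record inside 192.168.73.0/24 has a matching PTR. The embedded zone texts are constructed and contain two marked mistakes so that the checks fire.</p>

```python
# Added example (not from the original post): consistency checks for a forward zone
# and its reverse zone. The zone texts are constructed to mirror the tutorial's
# rhce.zone and 73.168.192.zone, with two deliberate mistakes marked below.
from collections import defaultdict

FORWARD_ZONE = """\
$TTL 1D
@       IN SOA dns.rhce.com. test.163.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        IN  NS  dns.rhce.com.
        IN  MX  10  mail.rhce.com.
dns.rhce.com.   IN  A   192.168.73.150
mail.rhce.com.  IN  A   192.168.73.102
www.rhce.com.   IN  A   192.168.73.103
ftp             IN  A   192.168.73.148
ntp             IN  A   192.168.73.101
web             IN  CNAME www.rhce.com.
sftp            IN  CNAME ftp.rhce.com   ; constructed bug: missing trailing dot
"""
REVERSE_ZONE = """\
$TTL 1D
@       IN SOA dns.rhce.com. test.163.com. ( 0 1D 1H 1W 3H )
        IN  NS  dns.rhce.com.
150     IN  PTR dns.rhce.com.
102     IN  PTR mail.rhce.com.
103     IN  PTR www.rhce.com.
148     IN  PTR ftp.                     ; constructed bug: should be ftp.rhce.com.
101     IN  PTR ntp.rhce.com.
"""
NAME_FIELD = {"NS": 0, "CNAME": 0, "PTR": 0, "MX": 1}  # position of the name in rdata

def qualify(name, origin):
    # Zone-file rule: '@' is the origin; a name without a trailing dot gets the origin
    # appended, which is how ftp.rhce.com silently becomes ftp.rhce.com.rhce.com.
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def ptr_to_ip(owner):
    # '150.73.168.192.in-addr.arpa.' -> '192.168.73.150' (None if not in-addr.arpa)
    labels = owner.rstrip(".").split(".")
    return ".".join(reversed(labels[:-2])) if labels[-2:] == ["in-addr", "arpa"] else None

def parse_zone(text, origin):
    # Minimal parser: handles ; comments, ( ) continuations, $ directives, '@', blank
    # owners and relative names (not per-record TTLs). Returns (owner_fqdn, type, rdata).
    origin = origin.rstrip(".") + "."
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth == 0:                      # record is complete
            logical.append(" ".join(buf))
            buf = []
    records, last_owner = [], origin
    for line in logical:
        tokens = line.replace("(", " ").replace(")", " ").split()
        if tokens[0].startswith("$"):       # $TTL etc. are directives, not records
            continue
        owner = last_owner if line[0].isspace() else qualify(tokens.pop(0), origin)
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        records.append((owner, tokens[0].upper(), tokens[1:]))
        last_owner = owner
    return records

def check_zones(forward_text, forward_origin, reverse_text, reverse_origin):
    # Returns human-readable findings; an empty list means the two zones agree.
    fwd_origin, rev_origin = (o.rstrip(".") + "." for o in (forward_origin, reverse_origin))
    fwd = parse_zone(forward_text, fwd_origin)
    rev = parse_zone(reverse_text, rev_origin)
    a_by_name = defaultdict(set)
    for owner, rtype, rdata in fwd:
        if rtype == "A":
            a_by_name[owner].add(rdata[0])
    findings = []
    for records, origin in ((fwd, fwd_origin), (rev, rev_origin)):
        for owner, rtype, rdata in records:
            if rtype not in NAME_FIELD:
                continue
            target = rdata[NAME_FIELD[rtype]]
            if not target.endswith("."):
                findings.append(f"{owner} {rtype}: '{target}' has no trailing dot and "
                                f"expands to {qualify(target, origin)}")
    # PTR <-> A agreement for addresses inside the reverse zone's network
    net_prefix = ptr_to_ip(rev_origin) + "."
    ptr_by_ip = {ptr_to_ip(o): qualify(r[0], rev_origin) for o, t, r in rev if t == "PTR"}
    for name, ips in a_by_name.items():
        for ip in sorted(ip for ip in ips if ip.startswith(net_prefix)):
            if ip not in ptr_by_ip:
                findings.append(f"{name} A {ip}: no PTR record in the reverse zone")
            elif ptr_by_ip[ip] != name:
                findings.append(f"{ip}: PTR says {ptr_by_ip[ip]} but the A record belongs to {name}")
    return findings
```

Run <code>check_zones(FORWARD_ZONE, "rhce.com", REVERSE_ZONE, "73.168.192.in-addr.arpa")</code> to see the two findings; with the two marked lines corrected it returns an empty list.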
<h3 id="8-主从同步："><a href="#8-主从同步：" class="headerlink" title="8. Primary/secondary synchronization:"></a>8. Primary/secondary synchronization:</h3><ul>
<li><p><strong>Full zone transfer: copies the entire zone file</strong>:</p>
<ul>
<li><p>Edit the main configuration file on the primary DNS server:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/named.conf</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">contents</span></span><br><span class="line">options &#123;</span><br><span class="line">        allow-transfer  &#123; 192.168.73.0/24; &#125;;    # enable zone transfers and restrict who may request them</span><br><span class="line">&#125;;</span><br><span class="line">zone &quot;73.168.192.in-addr.arpa&quot; IN &#123;          # reverse zone for the 192.168.73.0/24 network</span><br><span class="line">        type master;</span><br><span class="line">        file &quot;73.168.192.zone&quot;;</span><br><span class="line">&#125;;</span><br></pre></td></tr></table></figure>
</li>
<li><p>Edit the main configuration file on the secondary DNS server:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/named.conf</span><br><span class="line">options &#123;</span><br><span class="line">        listen-on port 53 &#123; 192.168.73.151; &#125;;</span><br><span class="line">        allow-query     &#123; 192.168.73.0/24; &#125;;</span><br><span class="line">&#125;;</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">zone definition</span></span><br><span class="line">zone &quot;rhce.com&quot; IN &#123;</span><br><span class="line">        type slave;</span><br><span class="line">        masters &#123; 192.168.73.150; &#125;;</span><br><span class="line">        masterfile-format text;    # store the transferred zone as text so it stays readable</span><br><span class="line">        file &quot;slaves/rhce.zone&quot;;</span><br><span class="line">&#125;;</span><br></pre></td></tr></table></figure>
</li>
<li><p>Restart the primary and the secondary DNS server</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl restart named</span><br></pre></td></tr></table></figure>
</li>
<li><p>Resolve a name using the secondary DNS:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">host www.rhce.com 192.168.73.151</span><br></pre></td></tr></table></figure>
</li>
<li><p>View the files in /var/named/slaves on the secondary DNS server:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">ll /var/named/slaves</span><br></pre></td></tr></table></figure></li>
</ul>
</li>
<li><p><strong>Incremental zone transfer: copies only what changed in the zone</strong></p>
<ul>
<li><p>Edit the corresponding zone file on the primary DNS server:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line">vim /var/named/rhce.zone</span><br><span class="line"><span class="meta prompt_"># </span><span class="language-bash">contents (bump the serial so the secondary notices the change)</span></span><br><span class="line">@       IN SOA dns.rhce.com. test.163.com.  (</span><br><span class="line">                                                2023011012</span><br><span class="line">                                                1D</span><br><span class="line">                                                1H</span><br><span class="line">                                                1W</span><br><span class="line">                                                3H )</span><br><span class="line">        IN  NS  dns.rhce.com.</span><br><span class="line">        IN  NS  dns1.rhce.com.                 ; added</span><br><span class="line"></span><br><span class="line">dns.rhce.com.   IN  A   192.168.73.150</span><br><span class="line">dns1.rhce.com.  IN  A   192.168.73.151     ; added</span><br></pre></td></tr></table></figure>
</li>
<li><p>Restart the primary and the secondary DNS server</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">systemctl restart named</span><br></pre></td></tr></table></figure>
</li>
<li><p>Resolve a name through the slave DNS server:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">host www.rhce.com 192.168.73.151</span><br></pre></td></tr></table></figure>
</li>
<li><p>The zone is transferred only when the serial in the master's SOA record is newer than the serial in the slave's copy of that zone. If you edit the zone without increasing the serial, the slave keeps serving the old data.</p>
</li>
<li><p>Check the transferred zone under /var/named/slaves on the slave DNS server:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">ll /var/named/slaves</span><br><span class="line">-rw-r--r--. 1 named named 558 Jan 12 21:06 rhce.zone</span><br></pre></td></tr></table></figure></li>
</ul>
</li>
</ul>
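<p>The serial check that decides whether the slave pulls the zone, as an added example (not code from the original page). The zone text is a constructed sample built from the page's own zone file, and the comparison uses RFC 1982 serial-number arithmetic (32-bit, wrapping), which is what BIND applies; <code>next_serial</code> is a helper of this example, not a BIND feature.</p>

```python
"""Added example (not from the original page): decide whether a slave
needs a zone transfer. The slave only pulls the zone when the master's
SOA serial is newer than its own copy; BIND compares serials with RFC 1982
serial-number arithmetic (32-bit, wrapping), reproduced here."""
import re
from typing import Optional

MOD = 1 << 32          # serials are unsigned 32-bit
HALF = 1 << 31

# Constructed sample: the master's /var/named/rhce.zone after the edit.
MASTER_ZONE = """\
@   IN SOA dns.rhce.com. test.163.com. (
        2023011012  ; serial
        1D          ; refresh
        1H          ; retry
        1W          ; expire
        3H )        ; minimum / negative-cache TTL
    IN NS dns.rhce.com.
    IN NS dns1.rhce.com.
dns.rhce.com.  IN A 192.168.73.150
dns1.rhce.com. IN A 192.168.73.151
"""


def strip_comments(text: str) -> str:
    """Zone-file comments run from ';' to the end of the line."""
    return "\n".join(line.split(";", 1)[0] for line in text.splitlines())


def soa_serial(zone_text: str) -> int:
    """Return the serial from the SOA record, multi-line '( ... )' form included."""
    flat = re.sub(r"\s+", " ", strip_comments(zone_text))
    m = re.search(r"\bSOA\s+\S+\s+\S+\s*\(\s*(\d+)", flat)
    if not m:
        raise ValueError("no SOA record found")
    return int(m.group(1))


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982: is serial a 'newer' than serial b in 32-bit wrapping space?"""
    a, b = a % MOD, b % MOD
    if a == b:
        return False
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)


def needs_transfer(master_serial: int, slave_serial: Optional[int]) -> bool:
    """A slave with no copy yet (None) always needs a full AXFR; otherwise it
    transfers only when the master is newer, so an edit without a serial
    bump never reaches the slaves."""
    if slave_serial is None:
        return True
    return serial_gt(master_serial, slave_serial)


def next_serial(current: int, today: str) -> int:
    """Date-based serial YYYYMMDDnn that is guaranteed newer than `current`,
    so several edits on the same day keep moving forward (helper of this
    example, not a BIND feature)."""
    candidate = int(today) * 100
    return candidate if serial_gt(candidate, current) else (current + 1) % MOD
```

With the page's zone, <code>soa_serial(MASTER_ZONE)</code> returns 2023011012; a slave holding that serial gets no transfer, a slave holding 2023011011 does.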
<h3 id="9-批量解析："><a href="#9-批量解析：" class="headerlink" title="9.批量解析："></a>9. Bulk records with $GENERATE:</h3><ul>
<li><p>Forward resolution: edit the zone file on the master DNS server (<code>$</code> is replaced by every value from 10 to 20):</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">vim /var/named/rhce.zone</span><br><span class="line"># contents</span><br><span class="line">$GENERATE 10-20 $.baidu.com. IN A 172.24.8.$</span><br></pre></td></tr></table></figure>
</li>
<li><p>Reverse resolution: edit the reverse zone file on the master DNS server (the target name needs the trailing dot, otherwise the zone origin is appended to it):</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">vim /var/named/73.168.192.zone</span><br><span class="line"># contents</span><br><span class="line">$GENERATE 10-20 $ IN PTR $.baidu.com.</span><br></pre></td></tr></table></figure></li>
</ul>
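<p>An expander for the <code>$GENERATE</code> directive, as an added example (not code from the original page or from BIND), so the range and the <code>$</code> substitution can be checked before the zone is loaded. It handles the plain <code>$</code> form shown above (the <code>${offset,width,base}</code> modifier is not implemented) and shows what the missing trailing dot does to a PTR target; the origin names used in the usage note are assumptions.</p>

```python
"""Added example (not from the original page): expand a BIND $GENERATE
directive into the records named would create."""
import re
from typing import List, Tuple

NAME_RDATA_TYPES = {"PTR", "CNAME", "NS"}   # rdata is a domain name


def _subst(template: str, n: int) -> str:
    """'$' becomes the current value; '$$' is a literal '$'."""
    return template.replace("$$", "\0").replace("$", str(n)).replace("\0", "$")


def _fqdn(name: str, origin: str) -> str:
    """A name without a trailing dot is relative: the zone origin is appended."""
    return name if name.endswith(".") else f"{name}.{origin}"


def expand_generate(directive: str, origin: str) -> List[Tuple[str, str, str]]:
    """Return (owner, type, rdata) for every value in the range.
    Syntax: $GENERATE start-stop[/step] lhs [ttl] [class] type rhs"""
    parts = directive.split()
    if len(parts) < 5 or parts[0] != "$GENERATE":
        raise ValueError(f"not a $GENERATE directive: {directive!r}")
    rng, lhs, rest = parts[1], parts[2], parts[3:]
    rtype, rhs = rest[-2].upper(), rest[-1]      # optional ttl/class in between are ignored
    m = re.fullmatch(r"(\d+)-(\d+)(?:/(\d+))?", rng)
    if not m:
        raise ValueError(f"bad range {rng!r}")
    start, stop, step = int(m[1]), int(m[2]), int(m[3] or 1)
    records = []
    for n in range(start, stop + 1, step):
        owner = _fqdn(_subst(lhs, n), origin)
        rdata = _subst(rhs, n)
        if rtype in NAME_RDATA_TYPES:
            rdata = _fqdn(rdata, origin)      # this is where a missing dot bites
        records.append((owner, rtype, rdata))
    return records
```

For the reverse zone, <code>expand_generate('$GENERATE 10-20 $ IN PTR $.baidu.com', '73.168.192.in-addr.arpa.')</code> yields PTR targets such as <code>10.baidu.com.73.168.192.in-addr.arpa.</code>, which is why the directive must end with <code>$.baidu.com.</code>.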
<h2 id="9-第七章-selinux："><a href="#9-第七章-selinux：" class="headerlink" title="9.第七章-selinux："></a>9. Chapter 7: SELinux:</h2><h3 id="1-概念：-2"><a href="#1-概念：-2" class="headerlink" title="1.概念："></a>1. Concepts:</h3><ul>
<li><p>SELinux stands for Security-Enhanced Linux</p>
</li>
<li><p>SELinux was developed mainly by the US National Security Agency (NSA); the original goal was to prevent the misuse of system resources</p>
</li>
<li><p>System resources are accessed through programs. If /var/www/html/ is given mode 777, every program on the system can read and write that directory</p>
</li>
<li><p>Once the web server is running, the processes it starts can write into that directory, and those processes serve the whole Internet</p>
</li>
<li><p>To get control over this relationship between privileges and processes, the NSA used Linux as its research target and finally merged the result into the Linux kernel: that is SELinux</p>
</li>
<li><p><strong>SELinux</strong> is a <strong>kernel module</strong> that decides, per program and per file, whether an access is permitted. Since network services are also programs, it is <strong>a checkpoint that controls whether a network service may access system resources</strong></p>
<table>
<thead>
<tr>
<th>Access control</th>
<th>Description</th>
</tr>
</thead>
<tbody><tr>
<td>DAC (Discretionary Access Control)</td>
<td>Discretionary access control: the traditional relationship between file permissions and accounts; the owner of a resource decides who may access it</td>
</tr>
<tr>
<td>MAC (Mandatory Access Control)</td>
<td>Mandatory access control: policy rules decide which programs may access which files, and the owner cannot override them</td>
</tr>
</tbody></table>
</li>
</ul>
<h3 id="2-selinux的运行模式："><a href="#2-selinux的运行模式：" class="headerlink" title="2.selinux的运行模式："></a>2. SELinux operating modes:</h3><ul>
<li><p>SELinux controls processes by MAC: the subject it controls is the process, and the object is the file resource that process wants to access</p>
</li>
<li><p>Subject: the process</p>
</li>
<li><p>Object: the resource the subject accesses; a file, a directory, a port, and so on</p>
</li>
<li><p>SELinux supports three modes:</p>
<table>
<thead>
<tr>
<th>Mode</th>
<th>Description</th>
</tr>
</thead>
<tbody><tr>
<td>enforcing</td>
<td>Enforcing mode: SELinux is running and actively denies domain/type accesses the policy does not allow</td>
</tr>
<tr>
<td>permissive</td>
<td>Permissive mode: SELinux is running, but denials are only logged (as AVC messages) and not enforced; useful for finding out what a policy would block</td>
</tr>
<tr>
<td>disabled</td>
<td>Disabled: SELinux is not loaded at all. Switching between disabled and the other two modes requires a reboot and a relabel of the file system</td>
</tr>
</tbody></table>
</li>
<li><p>Check the current mode</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">getenforce</span><br></pre></td></tr></table></figure>
</li>
<li><p>Temporary setting (lost at reboot; switching to or from disabled is not possible this way):</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">setenforce [0/1]      # 0: permissive, 1: enforcing</span><br></pre></td></tr></table></figure>
</li>
<li><p>Permanent change: set the <code>SELINUX=</code> line in the config file to <code>enforcing</code>, <code>permissive</code> or <code>disabled</code>; it takes effect after a reboot</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/selinux/config</span><br></pre></td></tr></table></figure></li>
</ul>
<h3 id="3-setlinux的策略："><a href="#3-setlinux的策略：" class="headerlink" title="3.setlinux的策略："></a>3. SELinux policies:</h3><ul>
<li><p>Policy: because the number of processes and files is huge, SELinux ships basic access policies organised around services. Each policy contains detailed rules that state whether a given service may access a given resource. The main policies are:</p>
<table>
<thead>
<tr>
<th>Policy</th>
<th>Description</th>
</tr>
</thead>
<tbody><tr>
<td>targeted</td>
<td>Confines network-facing services tightly and local user processes hardly at all; this is the default policy</td>
</tr>
<tr>
<td>strict</td>
<td>Full SELinux confinement of every process; much stricter. Recent RHEL/CentOS releases no longer ship it as a separate policy; the policies available there are targeted, minimum and mls</td>
</tr>
</tbody></table>
</li>
<li><p>Check the policy SELinux is currently using (and the current mode):</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">sestatus</span><br></pre></td></tr></table></figure>
</li>
<li><p>Permanently change the policy: set the <code>SELINUXTYPE=</code> line in the config file; a reboot (and a relabel of the file system) is needed afterwards</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/selinux/config</span><br></pre></td></tr></table></figure></li>
</ul>
<h3 id="4-setlinux的安全上下文："><a href="#4-setlinux的安全上下文：" class="headerlink" title="4.setlinux的安全上下文："></a>4. SELinux security context:</h3><ul>
<li><p>Security context: besides what the policy specifies, the subject's and the object's security contexts must fit together (the process's domain must be allowed to access the file's type) for the access to succeed</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">#                     user          role     type</span><br><span class="line">drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 home</span><br></pre></td></tr></table></figure>

<table>
<thead>
<tr>
<th>Field</th>
<th>Description</th>
</tr>
</thead>
<tbody><tr>
<td>User (identity)</td>
<td>root: the root account; system_u: system processes and the files they create; unconfined_u: an ordinary, unconfined user account</td>
</tr>
<tr>
<td>Role</td>
<td>object_r: files, directories and other file resources; system_r: processes</td>
</tr>
<tr>
<td>Type</td>
<td>On a file resource this field is called the type; on a subject (a process) it is called the domain. The domain must be allowed to access the type for the file to be read</td>
</tr>
</tbody></table>
</li>
<li><p>Even when SELinux allows an access, the file system's rwx (DAC) permissions still apply: DAC is checked first, and SELinux only decides on accesses that DAC has already permitted</p>
</li>
<li><p>View the security context of files:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">ll -Z</span><br><span class="line"># output</span><br><span class="line">-rw-------. root root system_u:object_r:admin_home_t:s0 anaconda-ks.cfg</span><br><span class="line">drwxr-xr-x. root root unconfined_u:object_r:admin_home_t:s0 home</span><br></pre></td></tr></table></figure>
</li>
<li><p>Change the security context:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">chcon [-R] [-t type] [-u user] [-r role] [path]</span><br></pre></td></tr></table></figure>

<table>
<thead>
<tr>
<th>Option</th>
<th>Description</th>
</tr>
</thead>
<tbody><tr>
<td>-R</td>
<td>recurse into subdirectories and the files in them</td>
</tr>
<tr>
<td>-t</td>
<td>the type field of the context</td>
</tr>
<tr>
<td>-u</td>
<td>the user (identity) field of the context</td>
</tr>
<tr>
<td>-r</td>
<td>the role field of the context</td>
</tr>
<tr>
<td>-v</td>
<td>print every change as it is made</td>
</tr>
</tbody></table>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">chcon [-R] --reference=[reference file] [path]      # copy the security context of the reference file onto the target</span><br></pre></td></tr></table></figure>
</li>
<li><p>Restore the default context: restorecon resets a file to the context the policy's file-context rules prescribe. A context set with chcon does not survive that: the next restorecon or file system relabel overwrites it, so a change that must persist belongs in the file-context database (semanage fcontext) before restorecon is run</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">restorecon [-Rv] [path]</span><br></pre></td></tr></table></figure></li>
</ul>
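<p>A label audit for a web document root, as an added example (not code from the original page). It parses <code>ls -lZ</code> output of the form shown above into the user:role:type:level fields and reports files whose type the httpd_t domain may not read: a file moved into /var/www/html keeps admin_home_t or user_home_t, DAC (mode 644) passes, MAC denies, and the request fails until restorecon relabels it. The listing is a constructed sample; the allowed-type set is the targeted policy's web-content types.</p>

```python
"""Added example (not from the original page): find mislabeled files in a
web root from `ls -lZ` output."""
import re
from dataclasses import dataclass
from typing import List, Set


@dataclass(frozen=True)
class Context:
    user: str
    role: str
    type: str
    level: str


def parse_context(ctx: str) -> Context:
    """user:role:type:level; the MLS level itself may contain ':' (s0-s0:c0.c1023)."""
    user, role, type_, level = ctx.split(":", 3)
    return Context(user, role, type_, level)


# mode owner group context name, as printed by `ls -lZ` / `ll -Z` on RHEL 7
LS_Z = re.compile(
    r"^(?P<mode>\S+)\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<ctx>\S+:\S+:\S+:\S+)\s+(?P<name>.+)$"
)

# Types httpd_t may serve from a document root (targeted policy).
WEB_ROOT_TYPES: Set[str] = {
    "httpd_sys_content_t", "httpd_sys_rw_content_t", "httpd_sys_script_exec_t",
}

# Constructed sample listing of /var/www/html.
SAMPLE_LISTING = """\
-rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 index.html
-rw-r--r--. root root unconfined_u:object_r:admin_home_t:s0 moved_from_root.html
-rw-r--r--. apache apache unconfined_u:object_r:user_home_t:s0 upload.php
drwxr-xr-x. root root system_u:object_r:httpd_sys_rw_content_t:s0 uploads
"""


def mislabeled(listing: str, allowed: Set[str], base: str) -> List[str]:
    """Paths whose type is outside `allowed`: readable under DAC, denied by MAC."""
    bad = []
    for line in listing.strip().splitlines():
        m = LS_Z.match(line)
        if not m:
            continue
        if parse_context(m["ctx"]).type not in allowed:
            bad.append(f"{base}/{m['name']}")
    return bad


def fix_command(paths: List[str]) -> str:
    """restorecon resets each file to the type the policy's file contexts prescribe."""
    return "restorecon -v " + " ".join(paths) if paths else ""
```

Running <code>mislabeled(SAMPLE_LISTING, WEB_ROOT_TYPES, "/var/www/html")</code> flags the two files that were moved rather than copied; <code>fix_command</code> builds the restorecon call that relabels them.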
<h2 id="10-第八章-防火墙："><a href="#10-第八章-防火墙：" class="headerlink" title="10.第八章-防火墙："></a>10. Chapter 8: Firewalls:</h2><h3 id="1-概念：-3"><a href="#1-概念：-3" class="headerlink" title="1.概念："></a>1. Concepts:</h3><ul>
<li><p>While Linux runs, memory is divided into kernel space and user space</p>
<ul>
<li>Kernel space: where the Linux kernel code runs; it can use system resources directly</li>
<li>User space: where user programs run; a user-space program cannot use system resources directly and has to go through the kernel (system calls)</li>
</ul>
</li>
<li><p><strong>Firewall</strong>: a firewall is <strong>a barrier between the internal and the external network</strong>; it <strong>controls which packets pass in and out according to rules the administrator defined in advance</strong></p>
</li>
<li><p>Firewalls are divided into <strong>hardware firewalls</strong> and <strong>software firewalls</strong>.</p>
<ul>
<li>A hardware firewall is a host built by a vendor whose operating system is reduced to the packet-filtering function, with everything unnecessary removed.</li>
<li>A software firewall is a piece of software (or a mechanism) that protects the network security of the system; Netfilter and TCP Wrappers are both software firewalls in this sense</li>
</ul>
</li>
<li><p>This chapter covers the software firewall Linux itself provides: <strong>Netfilter</strong>, the kernel's <strong>packet-filtering mechanism</strong></p>
</li>
<li><p>Packet filtering means analysing the packets that enter the host: <strong>the header data is extracted and examined</strong> to decide whether the connection is allowed or blocked. Because the headers are inspected directly, hardware (MAC) addresses, IP addresses and the TCP, UDP and ICMP header fields can all be filtered on, which makes the mechanism widely applicable (it mainly works on layers 2, 3 and 4 of the OSI model).</p>
</li>
<li><p>Netfilter can therefore do the following:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"># refuse packets from the Internet to certain ports of the host</span><br><span class="line"># refuse packets from certain source IP addresses</span><br><span class="line"># refuse packets carrying particular flags; the most commonly refused are SYN packets, i.e. new inbound connection attempts</span><br><span class="line"># decide on a connection based on the hardware (MAC) address</span><br></pre></td></tr></table></figure>
</li>
<li><p>Although Netfilter can do all of this, it does not guarantee that the network is secure in every situation. For example:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"># a firewall cannot effectively block viruses or trojans: if the host offers a web service, the firewall must open that port to clients,</span><br><span class="line"># and if the web server software has a vulnerability, or the request itself carries the malicious payload, the firewall cannot stop it</span><br><span class="line"># a firewall does little against attacks from inside the LAN: internal traffic is usually subject to few rules, so misuse or abuse of the network by internal users is easy</span><br></pre></td></tr></table></figure>
</li>
<li><p><strong>The netfilter packet-filtering mechanism is built into the Linux kernel</strong>, but <strong>the tools used to configure it differ between distribution releases</strong>: on Red Hat 7 the firewalld service replaced the iptables service</p>
</li>
<li><p>Both the <strong>iptables service</strong> and the <strong>firewalld service</strong> are only "<strong>firewall management tools</strong>" that define firewall policy; <strong>their job is to maintain the rules</strong>, and the component that actually applies the rules is the kernel's netfilter</p>
</li>
</ul>
<h3 id="2-iptables："><a href="#2-iptables：" class="headerlink" title="2.iptables："></a>2. iptables:</h3><ul>
<li><p>The firewall reads the configured rules <strong>from top to bottom</strong>; as soon as one matches, matching stops and the action defined by that rule is carried out (pass or block: ACCEPT, REJECT or DROP).</p>
</li>
<li><p>If no rule matches after all of them have been read, the chain's default policy is applied. Broadly, a firewall policy is one of two kinds:</p>
<ul>
<li><p>"open" by default (everything not explicitly blocked passes)</p>
</li>
<li><p>"closed" by default (everything not explicitly allowed is blocked).</p>
</li>
</ul>
</li>
<li><p>When the default policy is deny (closed), allow rules have to be added, otherwise nobody can get in at all;</p>
</li>
<li><p>when the default policy is allow (open), deny rules have to be added, otherwise everything gets in and the firewall protects nothing.</p>
</li>
<li><p>iptables calls a <strong>policy entry</strong> that processes or filters traffic a <strong>rule</strong>; <strong>several rules make up a chain</strong>, and chains are classified by the point in packet processing where they apply:</p>
<table>
<thead>
<tr>
<th>Chain</th>
<th>Description</th>
</tr>
</thead>
<tbody><tr>
<td>INPUT</td>
<td>packets addressed to the local host</td>
</tr>
<tr>
<td>OUTPUT</td>
<td>packets generated by the local host</td>
</tr>
<tr>
<td>FORWARD</td>
<td>packets routed through the host to another destination</td>
</tr>
<tr>
<td>PREROUTING</td>
<td>packets before the routing decision; used for destination address translation (DNAT)</td>
</tr>
<tr>
<td>POSTROUTING</td>
<td>packets after the routing decision; used for source address translation (SNAT)</td>
</tr>
</tbody></table>
</li>
<li><p>Diagram: packet flow through the five chains (image not included in this copy)</p>
</li>
<li><p>Tables:</p>
<ul>
<li><p>Some rules serve very similar purposes; rules with the same kind of function are grouped together into a "table"</p>
</li>
<li><p>iptables provides four tables</p>
<table>
<thead>
<tr>
<th>Table</th>
<th>Description</th>
</tr>
</thead>
<tbody><tr>
<td>filter</td>
<td>filters packets (allow or deny); the default table</td>
</tr>
<tr>
<td>nat</td>
<td>network address translation; rewrites the IP addresses and port numbers in packets</td>
</tr>
<tr>
<td>mangle</td>
<td>unpacks a packet, modifies it and repacks it; used to change header fields such as TOS, TTL and the packet mark</td>
</tr>
<tr>
<td>raw</td>
<td>decides whether a packet is handled by connection (state) tracking at all</td>
</tr>
</tbody></table>
</li>
</ul>
</li>
<li><p>Relationship between tables and chains (image not included in this copy)</p>
</li>
<li><p>Actions (targets):</p>
<table>
<thead>
<tr>
<th>Action</th>
<th>Description</th>
</tr>
</thead>
<tbody><tr>
<td>ACCEPT</td>
<td>let the packet through</td>
</tr>
<tr>
<td>DROP</td>
<td>discard the packet silently; nothing is sent back to the sender</td>
</tr>
<tr>
<td>REJECT</td>
<td>refuse the packet and tell the sender (an ICMP error, or a RST for TCP)</td>
</tr>
<tr>
<td>SNAT</td>
<td>rewrite the source IP address before the packet leaves the local network stack (POSTROUTING)</td>
</tr>
<tr>
<td>MASQUERADE</td>
<td>a special form of SNAT that uses the current address of the outgoing interface, for interfaces with dynamic addresses</td>
</tr>
<tr>
<td>DNAT</td>
<td>rewrite the destination IP address (PREROUTING)</td>
</tr>
<tr>
<td>REDIRECT</td>
<td>port redirection on the local host</td>
</tr>
<tr>
<td>LOG</td>
<td>log the packet through the kernel log (/var/log/messages) and continue with the next rule</td>
</tr>
</tbody></table>
</li>
<li><p>Install the iptables service package:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">yum install -y iptables-services</span><br></pre></td></tr></table></figure>
</li>
<li><p>Stop firewalld and start the iptables service (also disable firewalld, so that two services do not manage the same netfilter rule set after the next boot):</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">systemctl stop firewalld</span><br><span class="line">systemctl start iptables</span><br></pre></td></tr></table></figure>
</li>
<li><p>The iptables command:</p>
<ul>
<li><p>iptables matches traffic on its source address, destination address, transport protocol, service port and similar fields; once a rule matches, iptables handles the traffic with the action preset in that rule</p>
</li>
<li><p>Syntax:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">iptables -t [table] -[A/I/D/R] [chain] [rule number] -[i/o interface] -p [protocol]</span><br><span class="line">         -s [source IP/subnet] --sport [source port] -d [destination IP/subnet] --dport [destination port] -j [action]</span><br><span class="line"># example:</span><br><span class="line">## insert into the filter table at rule number 1 (the head of the chain), allowing TCP connections to port 80</span><br><span class="line">iptables -t filter -I INPUT -p tcp --dport 80 -j ACCEPT</span><br></pre></td></tr></table></figure>
</li>
<li><p>iptables options:</p>
<table>
<thead>
<tr>
<th>Option</th>
<th>Description</th>
</tr>
</thead>
<tbody><tr>
<td>-L</td>
<td>--list [chain]: list all rules of the chain; without a chain, list every chain of the table</td>
</tr>
<tr>
<td>-A</td>
<td>--append: append the rule at the end of the chain</td>
</tr>
<tr>
<td>-I</td>
<td>--insert: insert a rule at the given position in the chain; the default position is 1, the head of the chain</td>
</tr>
<tr>
<td>-D</td>
<td>--delete: delete one or more rules from the chain, by rule number or by rule specification</td>
</tr>
<tr>
<td>-R</td>
<td>--replace: replace the rule with the given number in the chain by a new rule</td>
</tr>
<tr>
<td>-P</td>
<td>--policy chain target: set the default policy of the chain. Only built-in chains can have a policy; user-defined chains cannot</td>
</tr>
<tr>
<td>-F</td>
<td>--flush [chain]: delete all rules of the chain; without a chain, flush every chain of the table</td>
</tr>
<tr>
<td>-N</td>
<td>--new-chain chain: create a new user-defined chain with the given name</td>
</tr>
<tr>
<td>-X</td>
<td>--delete-chain [chain]: delete the chain; it must be empty and not referenced by any rule. Without a chain name, every non-built-in chain of the table is deleted</td>
</tr>
<tr>
<td>-E</td>
<td>--rename-chain old-chain new-chain: rename the chain; the rules in it are not affected</td>
</tr>
<tr>
<td>-h</td>
<td>show help</td>
</tr>
</tbody></table>
</li>
<li><p>Insert a rule at the head of the INPUT chain in the filter table:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">iptables -t filter -I INPUT -p tcp --dport 80 -j ACCEPT</span><br></pre></td></tr></table></figure>
</li>
<li><p>Append a rule at the end of the INPUT chain (filter is the default table):</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">iptables -A INPUT -p tcp --dport 80 -j ACCEPT</span><br></pre></td></tr></table></figure>
</li>
<li><p>Replace rule number 4 of the INPUT chain with a new rule (-R takes the chain, the rule number and the complete new rule):</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">iptables -t filter -R INPUT 4 -p tcp --dport 80 -j ACCEPT</span><br></pre></td></tr></table></figure>
</li>
<li><p>Delete rule number 1 of the INPUT chain:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">iptables -D INPUT 1</span><br></pre></td></tr></table></figure>
</li>
<li><p>List the rules with counters and rule numbers:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">iptables -vnL --line-numbers</span><br></pre></td></tr></table></figure>
</li>
<li><p>Set the default policy of a chain (upper-case -P; lower-case -p selects a protocol). Add the ACCEPT rules you rely on, at least for your own ssh session, before switching INPUT to DROP, otherwise the remote session is locked out:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">iptables -P INPUT DROP</span><br></pre></td></tr></table></figure>
</li>
<li><p>Flush all rules of a chain (chain names are case-sensitive, so <code>input</code> would not be found). Rules changed with iptables live only in kernel memory; with the iptables-services package, <code>service iptables save</code> writes them to /etc/sysconfig/iptables so that they survive a restart:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">iptables -F INPUT</span><br></pre></td></tr></table></figure></li>
</ul>
</li>
</ul>
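<p>A model of how a netfilter chain is evaluated, as an added example (not code from the original page or from iptables). It parses the match options used in the commands above, tries the rules top to bottom, lets the first match decide, and falls back to the chain's policy, which makes the difference between <code>-I</code> and <code>-A</code> and the default-DROP lock-out visible without touching a real host. The packets and rule sets in the usage note are constructed.</p>

```python
"""Added example (not from the original page): first-match evaluation of
an iptables chain with a default policy."""
import ipaddress
import shlex
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    in_iface: str = "eth0"


@dataclass
class Rule:
    target: str
    proto: Optional[str] = None
    src: Optional[ipaddress.IPv4Network] = None
    dst: Optional[ipaddress.IPv4Network] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    in_iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        """An unset field matches anything, like an omitted iptables option."""
        return ((self.proto is None or self.proto == p.proto)
                and (self.src is None or ipaddress.ip_address(p.src) in self.src)
                and (self.dst is None or ipaddress.ip_address(p.dst) in self.dst)
                and (self.sport is None or self.sport == p.sport)
                and (self.dport is None or self.dport == p.dport)
                and (self.in_iface is None or self.in_iface == p.in_iface))


def parse_rule(spec: str) -> Rule:
    """Parse the match options used on this page: -p -s -d -i --sport --dport -j."""
    toks = shlex.split(spec)
    r = Rule(target="")
    for opt, val in zip(toks[0::2], toks[1::2]):
        if opt == "-p":
            r.proto = val
        elif opt == "-s":
            r.src = ipaddress.ip_network(val, strict=False)
        elif opt == "-d":
            r.dst = ipaddress.ip_network(val, strict=False)
        elif opt == "--sport":
            r.sport = int(val)
        elif opt == "--dport":
            r.dport = int(val)
        elif opt == "-i":
            r.in_iface = val
        elif opt == "-j":
            r.target = val
        else:
            raise ValueError(f"unsupported option {opt!r}")
    if not r.target or len(toks) % 2:
        raise ValueError("every option takes one value and -j TARGET is required")
    return r


class Chain:
    """One built-in chain: an ordered rule list plus a default policy."""

    def __init__(self, name: str, policy: str = "ACCEPT"):
        self.name = name
        self.policy = policy
        self.rules: List[Rule] = []

    def append(self, spec: str) -> None:                # iptables -A CHAIN ...
        self.rules.append(parse_rule(spec))

    def insert(self, spec: str, num: int = 1) -> None:  # iptables -I CHAIN [num] ...
        self.rules.insert(num - 1, parse_rule(spec))

    def set_policy(self, target: str) -> None:          # iptables -P CHAIN TARGET
        self.policy = target

    def verdict(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.target   # first match wins; later rules are never consulted
        return self.policy        # nothing matched: the chain policy decides
```

With policy DROP and ACCEPT rules for ports 22 and 80, a packet to port 443 is dropped; a <code>-s 10.0.0.0/8 -j DROP</code> rule appended after the ACCEPTs never fires for port 80 traffic from 10.1.2.3, while the same rule inserted at the head does.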
<h3 id="3-firewalld"><a href="#3-firewalld" class="headerlink" title="3.firewalld:"></a>3. firewalld:</h3><ul>
<li><p>Compared with the traditional firewall management tools, <strong>firewalld supports dynamic updates (rules are changed without flushing the rule set and breaking established connections) and introduces the concept of zones</strong></p>
</li>
<li><p>A zone is one of several pre-built sets of firewall rules (policy templates) that firewalld ships; the user picks a set, which makes switching between firewall policies quick</p>
</li>
<li><p>Common firewalld zone names (<strong>the default is public</strong>) and their default rules:</p>
<table>
<thead>
<tr>
<th>Zone</th>
<th>Default rules</th>
</tr>
</thead>
<tbody><tr>
<td>block</td>
<td>incoming connections are rejected with an ICMP host-prohibited message; only connections initiated from this host are possible</td>
</tr>
<tr>
<td>work</td>
<td>incoming traffic is rejected unless it is related to outgoing traffic; selected incoming services (such as ssh) are accepted</td>
</tr>
<tr>
<td>home</td>
<td>incoming traffic is rejected unless it is related to outgoing traffic; selected incoming services are accepted</td>
</tr>
<tr>
<td>public</td>
<td>no other computer on the network is trusted; only selected incoming connections are accepted</td>
</tr>
<tr>
<td>DMZ</td>
<td>the demilitarised zone, a buffer network placed between the internal and the external network; only selected incoming connections are accepted</td>
</tr>
<tr>
<td>trusted</td>
<td>all packets are accepted</td>
</tr>
<tr>
<td>drop</td>
<td>incoming traffic is dropped without any reply unless it is related to outgoing traffic</td>
</tr>
<tr>
<td>internal</td>
<td>equivalent to home</td>
</tr>
<tr>
<td>external</td>
<td>incoming traffic is rejected unless it is related to outgoing traffic; ssh is allowed, and masquerading is enabled for traffic forwarded out through this zone</td>
</tr>
</tbody></table>
</li>
<li><p>The nine zone configuration files firewalld ships are in /usr/lib/firewalld/zones/ (changes made with --permanent are written as copies under /etc/firewalld/zones/, which take precedence):</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line">block.xml </span><br><span class="line">drop.xml </span><br><span class="line">home.xml </span><br><span class="line">public.xml </span><br><span class="line">work.xml </span><br><span class="line">dmz.xml </span><br><span class="line">external.xml </span><br><span class="line">internal.xml </span><br><span class="line">trusted.xml</span><br></pre></td></tr></table></figure>
</li>
<li><p>In RHEL 7, firewalld is the default firewall configuration tool; it can be managed in two ways:</p>
<ul>
<li>CLI (command-line interface): firewall-cmd</li>
<li>GUI (graphical user interface): firewall-config</li>
</ul>
</li>
<li><p>firewall-config (graphical) and firewall-cmd (command line) both talk to the firewalld daemon, which stores its permanent configuration as XML files; those files are normally not edited by hand.</p>
</li>
<li><p>The options of firewall-cmd are as follows (all of them act on the default zone unless --zone=&lt;zone&gt; is given):</p>
<table>
<thead>
<tr>
<th>Option</th>
<th>Effect</th>
</tr>
</thead>
<tbody><tr>
<td>--get-default-zone</td>
<td>show the name of the default zone</td>
</tr>
<tr>
<td>--set-default-zone=&lt;zone&gt;</td>
<td>set the default zone; this change is permanent</td>
</tr>
<tr>
<td>--get-zones</td>
<td>list the available zones</td>
</tr>
<tr>
<td>--get-services</td>
<td>list the predefined services</td>
</tr>
<tr>
<td>--get-active-zones</td>
<td>show the zones currently in use and the interfaces bound to them</td>
</tr>
<tr>
<td>--add-source=&lt;IP or subnet&gt;</td>
<td>route traffic <strong>from</strong> this <strong>IP</strong> or subnet into the zone</td>
</tr>
<tr>
<td>--remove-source=&lt;IP or subnet&gt;</td>
<td>stop routing traffic from this IP or subnet into the zone</td>
</tr>
<tr>
<td>--add-interface=&lt;interface&gt;</td>
<td>route all traffic arriving on this interface into the zone</td>
</tr>
<tr>
<td>--change-interface=&lt;interface&gt;</td>
<td>move the interface to a different zone</td>
</tr>
<tr>
<td><strong>--list-all</strong></td>
<td>show the interfaces, sources, ports, services and other settings of the zone</td>
</tr>
<tr>
<td>--list-all-zones</td>
<td>show the interfaces, sources, ports, services and other settings of every zone</td>
</tr>
<tr>
<td>--add-service=&lt;service&gt;</td>
<td>allow the traffic of this <strong>service</strong> in the zone</td>
</tr>
<tr>
<td>--add-port=&lt;port/protocol&gt;</td>
<td>allow the traffic to this <strong>port</strong> in the zone</td>
</tr>
<tr>
<td>--remove-service=&lt;service&gt;</td>
<td>stop allowing the traffic of this service in the zone</td>
</tr>
<tr>
<td>--remove-port=&lt;port/protocol&gt;</td>
<td>stop allowing the traffic to this port in the zone</td>
</tr>
<tr>
<td>--reload</td>
<td>reload the "<strong>permanent</strong>" configuration and make it the runtime configuration; runtime-only changes are discarded</td>
</tr>
<tr>
<td>--panic-on</td>
<td>enable panic mode (all incoming and outgoing packets are dropped)</td>
</tr>
<tr>
<td>--panic-off</td>
<td>disable panic mode</td>
</tr>
<tr>
<td>--query-panic</td>
<td>show whether panic mode is on</td>
</tr>
<tr>
<td>--version</td>
<td>show the version</td>
</tr>
<tr>
<td>--help</td>
<td>show help</td>
</tr>
<tr>
<td>--state</td>
<td>show whether firewalld is running</td>
</tr>
</tbody></table>
</li>
<li><p>Allow a service, or stop allowing it (runtime only, in the default zone):</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">firewall-cmd --add-service=http</span><br><span class="line">firewall-cmd --remove-service=http</span><br></pre></td></tr></table></figure>
</li>
<li><p>Allow a port, or stop allowing it:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">firewall-cmd --add-port=80/tcp</span><br><span class="line">firewall-cmd --remove-port=80/tcp</span><br></pre></td></tr></table></figure>
</li>
<li><p>Bind a source IP or subnet to the default zone, or unbind it. By itself this neither allows nor blocks anything: what happens to that traffic is decided by the rules of the zone it is bound to, so bind the source to the drop or block zone to keep it out, or to a zone that allows the wanted services to let it in:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">firewall-cmd --add-source=[IP address]</span><br><span class="line">firewall-cmd --remove-source=[IP address]</span><br></pre></td></tr></table></figure>
</li>
<li><p>Permanent addition: --permanent writes only to the permanent configuration, which becomes active after --reload (a change made without --permanent is runtime only and is lost at the next reload or restart):</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">firewall-cmd --add-source=[IP address] --permanent</span><br></pre></td></tr></table></figure>

<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">firewall-cmd --reload     # activate the permanent configuration</span><br></pre></td></tr></table></figure>
</li>
<li><p>Check the zone:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">firewall-cmd --list-all</span><br></pre></td></tr></table></figure></li>
</ul>
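<p>A drift check between the runtime and the permanent configuration of a zone, as an added example (not code from the original page or from firewalld). A rule added without --permanent disappears at the next --reload, and a --permanent rule is inactive until --reload; comparing the output of <code>firewall-cmd --list-all</code> with that of <code>firewall-cmd --permanent --list-all</code> surfaces both. The two listings are constructed samples in the format those commands print on RHEL 7.</p>

```python
"""Added example (not from the original page): diff the runtime and the
permanent firewalld configuration of one zone."""
from typing import Dict, Set

# Constructed sample: `firewall-cmd --list-all` (runtime configuration)
RUNTIME = """\
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources: 
  services: dhcpv6-client ssh http
  ports: 8080/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
"""

# Constructed sample: `firewall-cmd --permanent --list-all`
PERMANENT = """\
public
  target: default
  icmp-block-inversion: no
  interfaces: ens33
  sources: 
  services: dhcpv6-client ssh
  ports: 80/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
        rule family="ipv4" source address="172.24.8.0/24" service name="ssh" reject
"""

CHECKED = ("services", "ports", "sources", "rich rules", "forward-ports", "masquerade")


def parse_list_all(text: str) -> Dict[str, Set[str]]:
    """Turn the key/value listing into sets; each rich rule line is one entry."""
    cfg: Dict[str, Set[str]] = {}
    for raw in text.splitlines()[1:]:        # first line is the zone name
        line = raw.strip()
        if not line:
            continue
        if line.startswith("rule "):         # continuation lines under "rich rules:"
            cfg.setdefault("rich rules", set()).add(line)
            continue
        key, _, rest = line.partition(":")
        cfg[key] = set(rest.split())
    return cfg


def drift(runtime: str, permanent: str) -> Dict[str, Dict[str, list]]:
    """Entries present in only one of the two configurations, per checked key."""
    r, p = parse_list_all(runtime), parse_list_all(permanent)
    report: Dict[str, Dict[str, list]] = {}
    for key in CHECKED:
        only_runtime = r.get(key, set()) - p.get(key, set())
        only_permanent = p.get(key, set()) - r.get(key, set())
        if only_runtime or only_permanent:
            report[key] = {
                "lost_on_reload": sorted(only_runtime),     # added without --permanent
                "not_yet_active": sorted(only_permanent),   # --permanent without --reload
            }
    return report
```

On the samples, <code>drift(RUNTIME, PERMANENT)</code> reports http and 8080/tcp as lost on reload, and 80/tcp plus the ssh reject rule as not yet active.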
<h3 id="4-富规则："><a href="#4-富规则：" class="headerlink" title="4.富规则："></a>4. Rich rules:</h3><ul>
<li><p>Read the manual page:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">man 5 firewalld.richlanguage</span><br></pre></td></tr></table></figure>
</li>
<li><p>Add a rich rule. The deny (reject/drop) rich rules of a zone are evaluated before its allow rules, so this rule blocks ssh from 172.24.8.0/24 even though the ssh service stays allowed for every other source. Because the rules are added with --permanent, run --reload afterwards to activate them:</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">firewall-cmd --permanent --add-service=ssh      # the service must be allowed first (it is in the public zone by default)</span><br><span class="line"># reject ssh from the 172.24.8.0/24 network</span><br><span class="line">firewall-cmd --permanent --add-rich-rule=&#x27;rule family=&quot;ipv4&quot; source address=&quot;172.24.8.0/24&quot; service name=&quot;ssh&quot; reject&#x27;</span><br></pre></td></tr></table></figure>
</li>
<li><p>Remove a rich rule (the rule text must match the added rule exactly):</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">firewall-cmd --permanent --remove-rich-rule=&#x27;rule family=&quot;ipv4&quot; source address=&quot;172.24.8.0/24&quot; service name=&quot;ssh&quot; reject&#x27;</span><br></pre></td></tr></table></figure></li>
</ul>
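<p>An evaluator for the rich rule above, as an added example (not code from the original page or from firewalld). It parses the subset of the rich language the page uses and orders a zone's rules the way firewalld lays out its chains: deny rules (reject/drop rich rules) first, then allow rules (services, ports, accept rich rules), and finally the zone target, which for public rejects whatever is left. The service-to-port table is a small excerpt of firewalld's service definitions, and the zone in the usage note is constructed.</p>

```python
"""Added example (not from the original page): decide what a firewalld zone
does with a connection, honouring the deny-before-allow ordering."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Excerpt of the service definitions in /usr/lib/firewalld/services/.
SERVICE_PORTS = {"ssh": "22/tcp", "http": "80/tcp", "https": "443/tcp", "dhcpv6-client": "546/udp"}


@dataclass
class RichRule:
    action: str                                  # accept | reject | drop
    source: Optional[ipaddress.IPv4Network] = None
    service: Optional[str] = None
    port: Optional[str] = None                   # "5423/tcp" style


def parse_rich_rule(text: str) -> RichRule:
    """rule family="ipv4" [source address=".."] [service name=".." | port port=".." protocol=".."] ACTION"""
    toks = text.split()
    if not toks or toks[0] != "rule" or toks[-1] not in ("accept", "reject", "drop"):
        raise ValueError(f"unsupported rich rule: {text!r}")
    rule = RichRule(action=toks[-1])
    m = re.search(r'source address="([^"]+)"', text)
    if m:
        rule.source = ipaddress.ip_network(m[1], strict=False)
    m = re.search(r'service name="([^"]+)"', text)
    if m:
        rule.service = m[1]
    m = re.search(r'port port="(\d+)" protocol="(\w+)"', text)
    if m:
        rule.port = f"{m[1]}/{m[2]}"
    return rule


@dataclass
class Zone:
    name: str
    services: Set[str] = field(default_factory=set)
    ports: Set[str] = field(default_factory=set)
    rich_rules: List[RichRule] = field(default_factory=list)
    target: str = "default"      # public/work/home: unmatched traffic is rejected


def _hits(rule: RichRule, ip: ipaddress.IPv4Address, port: str) -> bool:
    if rule.source is not None and ip not in rule.source:
        return False
    if rule.service is None and rule.port is None:
        return True              # source-only rule: everything from that source
    return SERVICE_PORTS.get(rule.service) == port or rule.port == port


def verdict(zone: Zone, src: str, port: str) -> str:
    """ACCEPT, REJECT or DROP for a connection from `src` to local `port`."""
    ip = ipaddress.ip_address(src)
    for r in zone.rich_rules:            # deny chain is evaluated first
        if r.action in ("reject", "drop") and _hits(r, ip, port):
            return r.action.upper()
    for r in zone.rich_rules:            # then the allow chain ...
        if r.action == "accept" and _hits(r, ip, port):
            return "ACCEPT"
    if port in zone.ports or any(SERVICE_PORTS.get(s) == port for s in zone.services):
        return "ACCEPT"                  # ... which also holds the services and ports
    return "ACCEPT" if zone.target == "ACCEPT" else "REJECT"
```

With the ssh service allowed in public and the page's reject rule loaded, ssh from 172.24.8.9 is rejected while ssh from 192.168.73.1 is accepted, and port 80 is rejected for both until it is opened.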
<h3 id="5-端口转发："><a href="#5-端口转发：" class="headerlink" title="5.端口转发："></a>5. Port forwarding:</h3><ul>
<li><p>Port forwarding for one source network: connections from that network to one local port are forwarded to another local port</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">firewall-cmd --permanent --add-masquerade     # enable IP masquerading (required only when forwarding to another host)</span><br><span class="line"># hosts in 172.24.8.0/24 that connect to port 5423 of this server are forwarded to port 80</span><br><span class="line">firewall-cmd --permanent --add-rich-rule=&#x27;rule family=&quot;ipv4&quot; source address=&quot;172.24.8.0/24&quot; forward-port port=&quot;5423&quot; protocol=&quot;tcp&quot; to-port=&quot;80&quot;&#x27;</span><br></pre></td></tr></table></figure>
</li>
<li><p>Port forwarding to another host: a local port is forwarded to a port on a host in another network (masquerading must be enabled for this, and the --permanent change again needs --reload):</p>
<figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">firewall-cmd --permanent --add-masquerade     # enable IP masquerading</span><br><span class="line"># this rule forwards local port 80 to port 8080 on 192.168.1.1</span><br><span class="line">firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080:toaddr=192.168.1.1 --permanent</span><br></pre></td></tr></table></figure></li>
</ul>
</article><div class="post-copyright"><div class="post-copyright__author"><span class="post-copyright-meta">Author: </span><span class="post-copyright-info"><a href="http://example.com">阿尔托莉雅</a></span></div><div class="post-copyright__type"><span class="post-copyright-meta">Link: </span><span class="post-copyright-info"><a href="http://example.com/2023/03/13/3.linux/A3.Linux%E4%B8%AD%E7%BA%A7%E5%91%BD%E4%BB%A4/">http://example.com/2023/03/13/3.linux/A3.Linux%E4%B8%AD%E7%BA%A7%E5%91%BD%E4%BB%A4/</a></span></div><div class="post-copyright__notice"><span class="post-copyright-meta">Copyright Notice: </span><span class="post-copyright-info">All articles in this blog are licensed under <a target="_blank" rel="noopener" href="https://creativecommons.org/licenses/by-nc-sa/4.0/">CC BY-NC-SA 4.0</a> unless stated otherwise.</span></div></div></div><div class="aside-content" id="aside-content"><div class="sticky_layout"><div class="card-widget" id="card-toc"><div class="toc-content"><ol class="toc"><li class="toc-item toc-level-2"><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#5-www%E6%9C%8D%E5%8A%A1%E5%99%A8%E7%9A%84%E5%AE%89%E8%A3%85"><span 
class="toc-number">5.5.</span> <span class="toc-text">5.www服务器的安装:</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#6-%E9%85%8D%E7%BD%AE%E6%96%87%E4%BB%B6-%EF%BC%9A"><span class="toc-number">5.6.</span> <span class="toc-text">6.配置文件:：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#7-%E6%90%AD%E5%BB%BA%E5%9F%BA%E4%BA%8Ehttp%E5%8D%8F%E8%AE%AE%E7%9A%84%E9%9D%99%E6%80%81%E7%BD%91%E7%AB%99%EF%BC%9A"><span class="toc-number">5.7.</span> <span class="toc-text">7.搭建基于http协议的静态网站：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#8-%E6%90%AD%E5%BB%BA%E4%B8%A4%E4%B8%AA%E4%B8%8D%E5%90%8CIP%E5%9C%B0%E5%9D%80%E7%9A%84%E9%9D%99%E6%80%81%E7%BD%91%E7%AB%99%EF%BC%9A"><span class="toc-number">5.8.</span> <span class="toc-text">8.搭建两个不同IP地址的静态网站：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#9-%E6%90%AD%E5%BB%BA%E4%B8%A4%E4%B8%AA%E4%B8%8D%E5%90%8C%E7%AB%AF%E5%8F%A3%E5%8F%B7%E7%9A%84%E9%9D%99%E6%80%81%E7%BD%91%E7%AB%99%EF%BC%9A"><span class="toc-number">5.9.</span> <span class="toc-text">9.搭建两个不同端口号的静态网站：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#10-%E6%90%AD%E5%BB%BA%E4%B8%A4%E4%B8%AA%E5%9F%BA%E4%BA%8E%E5%9F%9F%E5%90%8D%E8%AE%BF%E9%97%AE%E7%9A%84%E7%BD%91%E7%AB%99%EF%BC%9A"><span class="toc-number">5.10.</span> <span class="toc-text">10.搭建两个基于域名访问的网站：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#11-%E6%90%AD%E5%BB%BA%E5%9F%BA%E4%BA%8Ehttps%E5%8D%8F%E8%AE%AE%E7%9A%84%E9%9D%99%E6%80%81%E7%BD%91%E7%AB%99%EF%BC%9A"><span class="toc-number">5.11.</span> <span class="toc-text">11.搭建基于https协议的静态网站：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#%E9%98%B6%E6%AE%B5%E4%B8%80%EF%BC%9A"><span class="toc-number">5.12.</span> <span class="toc-text">阶段一：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" 
href="#%E9%98%B6%E6%AE%B5%E4%BA%8C%EF%BC%9A%E5%8F%AF%E4%BB%A5%E5%90%88%E5%B9%B6%E4%B8%BA%E4%B8%80%E4%B8%AA%E6%8A%A5%E6%96%87"><span class="toc-number">5.13.</span> <span class="toc-text">阶段二：可以合并为一个报文</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#%E9%98%B6%E6%AE%B5%E4%B8%89%EF%BC%9A"><span class="toc-number">5.14.</span> <span class="toc-text">阶段三：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#%E9%98%B6%E6%AE%B5%E5%9B%9B%EF%BC%9A"><span class="toc-number">5.15.</span> <span class="toc-text">阶段四：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#12-%E6%90%AD%E5%BB%BA%E5%9F%BA%E4%BA%8E%E8%99%9A%E6%8B%9F%E7%9B%AE%E5%BD%95%E5%92%8C%E7%94%A8%E6%88%B7%E6%8E%A7%E5%88%B6%E7%9A%84%E7%BD%91%E7%AB%99%EF%BC%9A"><span class="toc-number">5.16.</span> <span class="toc-text">12.搭建基于虚拟目录和用户控制的网站：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#13-%E6%90%AD%E5%BB%BA%E5%8A%A8%E6%80%81%E7%BD%91%E7%AB%99%EF%BC%9A"><span class="toc-number">5.17.</span> <span class="toc-text">13.搭建动态网站：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#14-%E6%90%AD%E5%BB%BA%E8%AE%BA%E5%9D%9B%EF%BC%9A"><span class="toc-number">5.18.</span> <span class="toc-text">14.搭建论坛：</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#5-%E6%90%AD%E5%BB%BAHalo%E5%8D%9A%E5%AE%A2%E7%A8%8B%E5%BA%8F%EF%BC%9A"><span class="toc-number">6.</span> <span class="toc-text">5.搭建Halo博客程序：</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#1-%E5%AE%89%E8%A3%85JAVA%EF%BC%9A"><span class="toc-number">6.1.</span> <span class="toc-text">1.安装JAVA：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#2-%E5%AE%89%E8%A3%85mysql%EF%BC%9A"><span class="toc-number">6.2.</span> <span class="toc-text">2.安装mysql：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" 
href="#3-%E5%AE%89%E8%A3%85halo%EF%BC%9A"><span class="toc-number">6.3.</span> <span class="toc-text">3.安装halo：</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#6-%E7%AC%AC%E4%BA%94%E7%AB%A0-nginx%E6%9C%8D%E5%8A%A1%E5%99%A8%EF%BC%9A"><span class="toc-number">7.</span> <span class="toc-text">6.第五章-nginx服务器：</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#1-%E5%AE%89%E8%A3%85%E5%92%8C%E9%85%8D%E7%BD%AEnginx%EF%BC%9A"><span class="toc-number">7.1.</span> <span class="toc-text">1.安装和配置nginx：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#2-nginx%E6%9C%8D%E5%8A%A1%E5%99%A8%E9%85%8D%E7%BD%AEssl%E8%AF%81%E4%B9%A6%EF%BC%9A"><span class="toc-number">7.2.</span> <span class="toc-text">2.nginx服务器配置ssl证书：</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#7-%E7%AC%AC%E4%BA%94%E7%AB%A0-NFS%E6%9C%8D%E5%8A%A1%E5%99%A8%EF%BC%9A"><span class="toc-number">8.</span> <span class="toc-text">7.第五章-NFS服务器：</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#1-NFS%E6%9C%8D%E5%8A%A1%E5%99%A8%E7%9A%84%E6%A6%82%E5%BF%B5%EF%BC%9A"><span class="toc-number">8.1.</span> <span class="toc-text">1.NFS服务器的概念：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#2-NFS%E7%9A%84%E4%BD%BF%E7%94%A8%EF%BC%9A"><span class="toc-number">8.2.</span> <span class="toc-text">2.NFS的使用：</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#8-%E7%AC%AC%E4%BA%94%E7%AB%A0-DNS%E5%9F%9F%E5%90%8D%E8%A7%A3%E6%9E%90%E6%9C%8D%E5%8A%A1%E5%99%A8%EF%BC%9A"><span class="toc-number">9.</span> <span class="toc-text">8.第五章-DNS域名解析服务器：</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#1-%E4%BB%8B%E7%BB%8D%EF%BC%9A"><span class="toc-number">9.1.</span> <span class="toc-text">1.介绍：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" 
href="#2-%E5%9B%A0%E7%89%B9%E7%BD%91%E7%9A%84%E5%9F%9F%E5%90%8D%E7%BB%93%E6%9E%84%EF%BC%9A"><span class="toc-number">9.2.</span> <span class="toc-text">2.因特网的域名结构：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#3-%E5%9F%9F%E5%90%8D%E6%9C%8D%E5%8A%A1%E5%99%A8%E7%9A%84%E7%B1%BB%E5%9E%8B%E5%88%92%E5%88%86%EF%BC%9A"><span class="toc-number">9.3.</span> <span class="toc-text">3.域名服务器的类型划分：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#4-DNS%E5%9F%9F%E5%90%8D%E8%A7%A3%E6%9E%90%EF%BC%9A"><span class="toc-number">9.4.</span> <span class="toc-text">4.DNS域名解析：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#5-%E6%90%AD%E5%BB%BADNS%E6%9C%8D%E5%8A%A1%E5%99%A8"><span class="toc-number">9.5.</span> <span class="toc-text">5.搭建DNS服务器:</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#6-%E6%AD%A3%E5%90%91%E8%A7%A3%E6%9E%90%EF%BC%9A"><span class="toc-number">9.6.</span> <span class="toc-text">6.正向解析：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#7-%E5%8F%8D%E5%90%91%E8%A7%A3%E6%9E%90%EF%BC%9A"><span class="toc-number">9.7.</span> <span class="toc-text">7.反向解析：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#8-%E4%B8%BB%E4%BB%8E%E5%90%8C%E6%AD%A5%EF%BC%9A"><span class="toc-number">9.8.</span> <span class="toc-text">8.主从同步：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#9-%E6%89%B9%E9%87%8F%E8%A7%A3%E6%9E%90%EF%BC%9A"><span class="toc-number">9.9.</span> <span class="toc-text">9.批量解析：</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#9-%E7%AC%AC%E4%B8%83%E7%AB%A0-selinux%EF%BC%9A"><span class="toc-number">10.</span> <span class="toc-text">9.第七章-selinux：</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#1-%E6%A6%82%E5%BF%B5%EF%BC%9A-2"><span class="toc-number">10.1.</span> <span class="toc-text">1.概念：</span></a></li><li 
class="toc-item toc-level-3"><a class="toc-link" href="#2-selinux%E7%9A%84%E8%BF%90%E8%A1%8C%E6%A8%A1%E5%BC%8F%EF%BC%9A"><span class="toc-number">10.2.</span> <span class="toc-text">2.selinux的运行模式：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#3-setlinux%E7%9A%84%E7%AD%96%E7%95%A5%EF%BC%9A"><span class="toc-number">10.3.</span> <span class="toc-text">3.setlinux的策略：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#4-setlinux%E7%9A%84%E5%AE%89%E5%85%A8%E4%B8%8A%E4%B8%8B%E6%96%87%EF%BC%9A"><span class="toc-number">10.4.</span> <span class="toc-text">4.setlinux的安全上下文：</span></a></li></ol></li><li class="toc-item toc-level-2"><a class="toc-link" href="#10-%E7%AC%AC%E5%85%AB%E7%AB%A0-%E9%98%B2%E7%81%AB%E5%A2%99%EF%BC%9A"><span class="toc-number">11.</span> <span class="toc-text">10.第八章-防火墙：</span></a><ol class="toc-child"><li class="toc-item toc-level-3"><a class="toc-link" href="#1-%E6%A6%82%E5%BF%B5%EF%BC%9A-3"><span class="toc-number">11.1.</span> <span class="toc-text">1.概念：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#2-iptables%EF%BC%9A"><span class="toc-number">11.2.</span> <span class="toc-text">2.iptables：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#3-firewalld"><span class="toc-number">11.3.</span> <span class="toc-text">3.firewalld:</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#4-%E5%AF%8C%E8%A7%84%E5%88%99%EF%BC%9A"><span class="toc-number">11.4.</span> <span class="toc-text">4.富规则：</span></a></li><li class="toc-item toc-level-3"><a class="toc-link" href="#5-%E7%AB%AF%E5%8F%A3%E8%BD%AC%E5%8F%91%EF%BC%9A"><span class="toc-number">11.5.</span> <span class="toc-text">5.端口转发：</span></a></li></ol></li></ol></div></div><div class="card-widget card-recent-post"><div class="item-headline"><i class="fas fa-history"></i><span>Recent Post</span></div><div class="aside-list"><div class="aside-list-item no-cover"><div 
class="content"><a class="title" href="/2023/03/13/4.%E6%95%B0%E6%8D%AE%E5%BA%93/B3.NoSQL%E6%95%B0%E6%8D%AE%E5%BA%93%20-%20MongDB/" title="NoSQL篇-MongDB数据库">NoSQL篇-MongDB数据库</a><time datetime="2023-03-13T12:32:38.445Z" title="Created 2023-03-13 20:32:38">2023-03-13</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/2023/03/13/4.%E6%95%B0%E6%8D%AE%E5%BA%93/B2.NoSQL%E6%95%B0%E6%8D%AE%E5%BA%93%20-%20Redis/" title="NoSQL篇-Redis数据库">NoSQL篇-Redis数据库</a><time datetime="2023-03-13T12:32:38.441Z" title="Created 2023-03-13 20:32:38">2023-03-13</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/2023/03/13/4.%E6%95%B0%E6%8D%AE%E5%BA%93/A1.MySQL-%E6%AC%A7%E9%B9%8F%E7%AF%87/" title="SQL篇-MySQL数据库">SQL篇-MySQL数据库</a><time datetime="2023-03-13T12:32:38.437Z" title="Created 2023-03-13 20:32:38">2023-03-13</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/2023/03/13/3.linux/D2.Ansible%E5%89%A7%E6%9C%AC/" title="Ansible">Ansible</a><time datetime="2023-03-13T12:32:23.866Z" title="Created 2023-03-13 20:32:23">2023-03-13</time></div></div><div class="aside-list-item no-cover"><div class="content"><a class="title" href="/2023/03/13/3.linux/D1.Ansible%E8%87%AA%E5%8A%A8%E5%8C%96%E8%BF%90%E7%BB%B4%E5%B7%A5%E5%85%B7/" title="Ansible基础">Ansible基础</a><time datetime="2023-03-13T12:32:23.861Z" title="Created 2023-03-13 20:32:23">2023-03-13</time></div></div></div></div></div></div></main><footer id="footer"><div id="footer-wrap"><div class="copyright">&copy;2020 - 2023 By 阿尔托莉雅</div><div class="framework-info"><span>Framework </span><a target="_blank" rel="noopener" href="https://hexo.io">Hexo</a><span class="footer-separator">|</span><span>Theme </span><a target="_blank" rel="noopener" href="https://github.com/jerryc127/hexo-theme-butterfly">Butterfly</a></div></div></footer></div><div id="rightside"><div id="rightside-config-hide"><button 
id="readmode" type="button" title="Read Mode"><i class="fas fa-book-open"></i></button><button id="darkmode" type="button" title="Toggle Between Light And Dark Mode"><i class="fas fa-adjust"></i></button><button id="hide-aside-btn" type="button" title="Toggle between single-column and double-column"><i class="fas fa-arrows-alt-h"></i></button></div><div id="rightside-config-show"><button id="rightside_config" type="button" title="Setting"><i class="fas fa-cog fa-spin"></i></button><button class="close" id="mobile-toc-button" type="button" title="Table Of Contents"><i class="fas fa-list-ul"></i></button><button id="go-up" type="button" title="Back To Top"><span class="scroll-percent"></span><i class="fas fa-arrow-up"></i></button></div></div><div><script src="/js/utils.js"></script><script src="/js/main.js"></script><script src="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.umd.min.js"></script><div class="js-pjax"></div><script async data-pjax src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script></div></body></html>